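OData: how to authorize the $expand feature by user role?

Problem description

I want to restrict access to the $expand operation based on roles. My problem requires restricting access to certain entities for user roles. Can someone give some hints on where to start?

Tags: c#, asp.net-web-api2, authorization, odata

Solution


You can use this code snippet for authorization, which I got from http://www.software-architects.com/devblog/2014/09/12/10-OData-FAQs; there is too much code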

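using System.Linq;
using System.Security.Claims;
using System.Threading;
using System.Web.Http;
using System.Web.OData;
using System.Web.OData.Routing;

[Authorize]
[ODataRoutePrefix("Customer")]
public class CustomerController : ODataController
{
    // [...]
    [EnableQuery]
    public IHttpActionResult Get()
    {
        // FirstOrDefault returns null when the caller has no "IsAdmin" claim,
        // so check for null before reading Value. Any non-blank value counts as admin here.
        var principal = (ClaimsPrincipal)Thread.CurrentPrincipal;
        var isAdmin = principal.Claims.FirstOrDefault(c => c.Type == "IsAdmin");
        if (isAdmin != null && !string.IsNullOrWhiteSpace(isAdmin.Value))
        {
            return Ok(context.Customers);
        }
        return Unauthorized();
    }

    // [...]
}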

Or create an extension method on IEdmModelBuilder. For more reference:

ODataAuthorizationQueryValidatorSample on GitHub

using System;
using System.Linq;
using System.Reflection;
using System.Web.OData;
using Microsoft.OData.Edm;

namespace MHS.Assessments.WebAPI.Utilities
{
    // CanExpandAttribute and AuthorizedRoles are defined elsewhere (not shown on this page).
    public static class IEdmModelBuilderExtensions
    {
        // Reads the CanExpand attributes from the CLR type behind every entity type
        // in the model and lets each attribute record its roles on the model.
        public static void AddAuthorizedRolesAnnotations(this IEdmModel edmModel)
        {
            var typeAnnotationsMapping = edmModel.SchemaElementsAcrossModels()
                .OfType<IEdmEntityType>()
                .Where(t => edmModel.GetAnnotationValue<ClrTypeAnnotation>(t) != null)
                .Select(t => edmModel.GetAnnotationValue<ClrTypeAnnotation>(t).ClrType)
                .ToDictionary(clrType => clrType,
                              clrType => clrType.GetCustomAttributes<CanExpandAttribute>(inherit: false));

            foreach (var kvp in typeAnnotationsMapping)
            {
                foreach (var attribute in kvp.Value)
                {
                    attribute.SetRoles(edmModel, kvp.Key);
                }
            }
        }

        // Attaches the roles allowed to expand the given entity type as an
        // annotation on the EDM model; throws if the name is not an entity type.
        public static void SetAuthorizedRolesOnType(this IEdmModel model, string typeName, string[] roles)
        {
            IEdmEntityType type = model.FindType(typeName) as IEdmEntityType;
            if (type == null)
            {
                throw new InvalidOperationException("The authorized element must be an entity type");
            }

            model.SetAnnotationValue<AuthorizedRoles>(type, new AuthorizedRoles(roles));
        }
    }
}

WebApiConfig.cs

// The type name is passed to FindType, which looks types up by qualified name.
edmModel.SetAuthorizedRolesOnType("Customers", new string[] { "Support" });
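
One way to enforce the role annotations at query time, as an added example that is not part of the original answer or of the linked sample. The shape of `AuthorizedRoles`, the names `RoleExpandValidator` and `RoleEnableQueryAttribute`, and the ODataLib 6.x parser namespace are assumptions.

```csharp
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Web.Http;
using System.Web.OData;
using System.Web.OData.Query;
using System.Web.OData.Query.Validators;
using Microsoft.OData.Core.UriParser.Semantic; // assumption: ODataLib 6.x (7.x: Microsoft.OData.UriParser)
using Microsoft.OData.Edm;

// Assumed shape of the annotation type stored by SetAuthorizedRolesOnType.
public class AuthorizedRoles
{
    public AuthorizedRoles(params string[] roles) { Roles = roles ?? new string[0]; }
    public string[] Roles { get; private set; }
}
// Hypothetical validator: rejects $expand into annotated entity types unless the
// caller holds one of the listed roles. Unannotated types stay expandable.
public class RoleExpandValidator : SelectExpandQueryValidator
{
    private readonly IPrincipal _user;
    public RoleExpandValidator(IPrincipal user) { _user = user; }
    public override void Validate(SelectExpandQueryOption option, ODataValidationSettings settings)
    {
        base.Validate(option, settings);
        Check(option.SelectExpandClause, option.Context.Model);
    }
    private void Check(SelectExpandClause clause, IEdmModel model)
    {
        if (clause == null) return;
        foreach (var item in clause.SelectedItems.OfType<ExpandedNavigationSelectItem>())
        {
            var nav = item.PathToNavigationProperty.LastSegment as NavigationPropertySegment;
            var allowed = nav == null ? null
                : model.GetAnnotationValue<AuthorizedRoles>(nav.NavigationProperty.ToEntityType());
            if (allowed != null && (_user == null || !allowed.Roles.Any(r => _user.IsInRole(r))))
                throw new HttpResponseException(HttpStatusCode.Forbidden);
            Check(item.SelectAndExpand, model); // nested: $expand=Orders($expand=Items)
        }
    }
}
// Hypothetical drop-in for [EnableQuery] that installs the validator on each request.
public class RoleEnableQueryAttribute : EnableQueryAttribute
{
    public override void ValidateQuery(HttpRequestMessage request, ODataQueryOptions queryOptions)
    {
        var expand = queryOptions.SelectExpand;
        if (expand != null) expand.Validator = new RoleExpandValidator(request.GetRequestContext().Principal);
        base.ValidateQuery(request, queryOptions);
    }
}
```

Put `[RoleEnableQuery]` in place of `[EnableQuery]` on the actions whose `$expand` should be checked; the validator only covers expansion, so the entity sets' own endpoints still need their own authorization.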
