时间戳

首页 > 解决方案 > 获取 .NET core API 的所有授权端点

.net - 获取 .NET core API 的所有授权端点

问题描述

有没有办法获得 .net 核心 API 的所有授权端点?目前我设法获得了所有路线:

 [HttpGet("routes")]
public IActionResult GetRoutes() {
    var routes = _provider.ActionDescriptors.Items.Select(x => new { 
       Action = x.RouteValues["Action"], 
       Controller = x.RouteValues["Controller"], 
       Name = x.AttributeRouteInfo.Name, 
       Template = x.AttributeRouteInfo.Template 
    }).ToList();
    return Ok(routes);
}

但是有没有办法知道哪条路线有 [Authorized] 注释?

提前致谢

标签: .net.net-core

解决方案

这是我找到安全控制器和操作的实现:

    public class MvcControllerDiscovery : IMvcControllerDiscovery
    {
        private readonly IActionDescriptorCollectionProvider _actionDescriptorCollectionProvider;

        public MvcControllerDiscovery(IActionDescriptorCollectionProvider actionDescriptorCollectionProvider)
        {
            _actionDescriptorCollectionProvider = actionDescriptorCollectionProvider;
        }

        public IEnumerable<MvcControllerInfo> GetControllers()
        {
            var items = _actionDescriptorCollectionProvider
                .ActionDescriptors.Items
                .Where(descriptor => descriptor.GetType() == typeof(ControllerActionDescriptor))
                .Select(descriptor => (ControllerActionDescriptor)descriptor)
                .GroupBy(descriptor => descriptor.ControllerTypeInfo.FullName)
                .ToList();

            foreach (var actionDescriptors in items)
            {
                if (!actionDescriptors.Any())
                    continue;

                var actionDescriptor = actionDescriptors.First();
                var controllerTypeInfo = actionDescriptor.ControllerTypeInfo;

                foreach (var descriptor in actionDescriptors.GroupBy(a => a.ActionName).Select(g => g.First()))
                {
                    var methodInfo = descriptor.MethodInfo;
                    if (IsProtectedAction(controllerTypeInfo, methodInfo))
                    {
                    }
                }

            }
        }

        private static bool IsProtectedAction(MemberInfo controllerTypeInfo, MemberInfo actionMethodInfo)
        {
            if (actionMethodInfo.GetCustomAttribute<AllowAnonymousAttribute>(true) != null)
                return false;

            if (controllerTypeInfo.GetCustomAttribute<AuthorizeAttribute>(true) != null)
                return true;

            if (actionMethodInfo.GetCustomAttribute<AuthorizeAttribute>(true) != null)
                return true;

            return false;
        }
    }

github上的完整源代码。

推荐阅读