时间戳

首页 > 解决方案 > 如何在 Resolver 函数级别使用 GraphQL.NET 实现授权?

c# - 如何在 Resolver 函数级别使用 GraphQL.NET 实现授权?

问题描述

我正在寻找有关如何使用 GraphQL.NET 和 ASP.NET CORE 2 在解析器功能级别实现授权的示例代码和示例。

基本上,如果请求未经授权,我会尝试阻止执行查询。

任何人都可以帮助我获得一些好的教程或代码示例作为实现的参考。

标签: c#asp.net-core-2.0graphql-dotnet

解决方案

graphql -dotnet/authorization的页面AspNetCore尚未发布,请参考Add GraphQL.Server.Authorization.AspNetCore NuGet package #171

您可以实现Authorization.AspNetCore供您自己使用。

实施后Authorization.AspNetCore,您可以配置Authorize如下:

  • Startup.cs 

        public class Startup
{
    public Startup(IConfiguration configuration, IHostingEnvironment hostingEnvironment)
    {
        Configuration = configuration;
        Environment = hostingEnvironment;
    }

    public IConfiguration Configuration { get; }
    public IHostingEnvironment Environment { get; }

    // This method gets called by the runtime. Use this method to add services to the container.
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<CookiePolicyOptions>(options =>
        {
            // This lambda determines whether user consent for non-essential cookies is needed for a given request.
            options.CheckConsentNeeded = context => true;
            options.MinimumSameSitePolicy = SameSiteMode.None;
        });
        services.AddAuthentication(option =>
        {
            option.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            option.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            option.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        }).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme);
        services.AddGraphQL(options =>
        {
            options.EnableMetrics = true;
            options.ExposeExceptions = Environment.IsDevelopment();

            //options.
        })
        .AddGraphQLAuthorization(options =>
        {
            options.AddPolicy("Authorized", p => p.RequireAuthenticatedUser());
            //var policy = new AuthorizationPolicyBuilder()
            //                    .
            //options.AddPolicy("Authorized", p => p.RequireClaim(ClaimTypes.Name, "Tom"));
        });
        //.AddUserContextBuilder(context => new GraphQLUserContext { User = context.User });

        services.AddSingleton<MessageSchema>();
        services.AddSingleton<MessageQuery>();

        services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            app.UseHsts();
        }

        app.UseHttpsRedirection();
        app.UseStaticFiles();
        app.UseCookiePolicy();
        app.UseAuthentication();
        app.UseGraphQL<MessageSchema>("/graphql");
        app.UseGraphQLPlayground(new GraphQLPlaygroundOptions()
        {
            Path = "/ui/playground"
        });
        app.UseGraphiQLServer(new GraphiQLOptions
        {
            GraphiQLPath = "/ui/graphiql",
            GraphQLEndPoint = "/graphql"
        });

        app.UseMvc(routes =>
        {
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}

  • 架构 

    public class MessageQuery : ObjectGraphType<Message>
{
    public MessageQuery()
    {
        Field(o => o.Content).Resolve(o => "This is Content").AuthorizeWith("Authorized");
        Field(o => o.SentAt);
        Field(o => o.Sub).Resolve(o => "This is Sub");
    }
}

如需完整演示,请参阅GraphQLNet

推荐阅读