时间戳

首页 > 解决方案 > 根据策略列表授权

c# - 根据策略列表授权

问题描述

我正在研究不同的应用程序,每个应用程序都有自己的角色成员。

在 Startup.cs

var c= _configuration.GetSection(nameof(Configuration)).Get<List<Configuration>>();
foreach (Configuration r in c)
{
   services.AddAuthorization(options => {
                   options.AddPolicy(Configuration.Role, policy => 
                       policy.RequireRole(r.RoleMembers.Split(",")));
                   });
}

下面的代码不起作用,因为我指的是一个数组。

[Authorize(Policy = Configuration.Role)]

如何授权第 0 个元素?

标签: c#asp.net-coreasp.net-core-webapi

解决方案

您可以为多个策略实现自定义 AuthorizeAttribute。

1.AuthorizeMultiplePolicyAttribute

public class AuthorizeMultiplePolicyAttribute : TypeFilterAttribute
{
    public AuthorizeMultiplePolicyAttribute(string[] policies) : base(typeof(AuthorizeMultiplePolicyFilter))
    {
        Arguments = new object[] { policies };
    }
}

2.AuthorizeMultiplePolicyFilter

public class AuthorizeMultiplePolicyFilter : IAsyncAuthorizationFilter
{
    private readonly IAuthorizationService _authorization;
    public string[] _policies { get; private set; }

    public AuthorizeMultiplePolicyFilter(string[] policies,IAuthorizationService authorization)
    {
        _policies = policies;
        _authorization = authorization; 
    }

    public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
            foreach (var policy in _policies)
            {
                var authorized = await _authorization.AuthorizeAsync(context.HttpContext.User, policy);
                if (!authorized.Succeeded)
                {
                    context.Result = new ForbidResult();
                    return;
                }
            }

    }
}

3.在启动时一一添加你想要的策略

services.AddAuthorization(options =>
{
   //register all policies based on your own code,give them different policy name
    options.AddPolicy("AdminPolicy", policy =>
            policy.RequireRole("Admin"));

    options.AddPolicy("SuperPolicy", policy =>
            policy.RequireRole("Super"));
});

4.使用自定义属性

[AuthorizeMultiplePolicy(new string[] { "AdminPolicy", "SuperPolicy" })]

推荐阅读