如何为匿名用户创建授权策略

问题描述 投票:0回答:2

使用 .NET Core 5 - 据我了解,每个用户(无论是否登录)都会分配一个身份。因此,默认情况下,将分配一个匿名用户,

Identity.User.IsAuthenticated == false

我不知道如何将其表达为一项政策。有谁知道如何创建授权策略来代表这些匿名用户?

public static void AddAuthorizationAndPolicies(this IServiceCollection services)
 {
   services.AddAuthorization(options =>
   {
        //Policy for logged in user - straightforward
                options.AddPolicy("IsLoggedIn",
                    policy => policy.RequireAuthenticatedUser());
                
        //Policy for admin user - straightforward
                options.AddPolicy("IsAdminUser",
                    policy => policy.RequireRole("Admin"));

        //policy for Anonymous users - *** How to do this ***?
                options.AddPolicy("IsAnonymousUser",
                    policy => policy.AddRequirements()); //???
          
  });
}
.net-core authorization
2个回答
0
投票

您可以像这样添加 

PermissiveAuthorizationPolicy
并让任何人通过

services.AddAuthorization(options =>
{
    options.AddPolicy(ReverseProxyConfig.AuthPolicyName, policy =>
        policy.Requirements.Add(new PermissiveAuthorizationPolicy())
        );
});


public class PermissiveAuthorizationPolicy : AuthorizationHandler<PermissiveAuthorizationPolicy>, IAuthorizationRequirement
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissiveAuthorizationPolicy requirement)
    {
        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
-1
投票

好吧,似乎执行此操作的一种方法是创建自定义授权要求类,然后创建使用它的策略。

创建自定义授权类(在本例中名为“AllowAnonymousAuthorizationRequirement”)...

 public class AllowAnonymousAuthorizationRequirement: 
        AuthorizationHandler<AllowAnonymousAuthorizationRequirement>, IAuthorizationRequirement
    {
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AllowAnonymousAuthorizationRequirement requirement)
        {
            var user = context.User;
            var userIsAnonymous = user?.Identity == null || !user.Identities.Any(i => i.IsAuthenticated);
            //success is user IS anonymous
            if (userIsAnonymous)
            {
                context.Succeed(requirement);
            }
            return Task.CompletedTask;
        }
    }

然后添加使用新自定义要求的策略...

public static void AddAuthorizationAndPolicies(this IServiceCollection services)
 {
   services.AddAuthorization(options =>
   {
       options.AddPolicy("IsAnonymousUser",
                    policy => policy.AddRequirements( new AllowAnonymousAuthorizationRequirement()));
          
  });
}

请注意,此策略将拒绝经过身份验证的用户 - 因此仅在当前状态下专门针对匿名用户有用。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.