检查ASP.NET Core授权系统中策略是否已满足的通常方法是在ConfigureServices中设置策略,如下所示:
services.AddAuthorization(conf => {
conf.AddPolicy("UserHasRecentPassport", policy => policy.RequireAssertion(ctx => { return ctx.User.HasRecentPassport(); }));
}
...,然后使用AuthorizeAttribute将其指定为控制器或动作,如下所示:
[Authorize("UserHasRecentPassport")]
public class HomeController : Controller {
public IActionResult Index() {
return View();
}
}
但是,我正在编写一个标记助手,它需要检查是否满足特定的策略。因此,我只需要在代码中检查一下即可,而不是使用AuthorizeAttribute方法。类似于:
public override void Process(TagHelperContext context, TagHelperOutput output) {
output.TagName = null;
if (!policyRequirementIsMet("UserHasRecentPassport")) {
output.SuppressOutput();
}
}
我有没有办法实现policyRequirementIsMet,所以它转到ASP.NET Core并说“告诉我是否满足名称X的策略”?
IAuthorizationService执行IAuthorizationService。它在imperative authorization类内部涉及更多,该类无法直接访问TagHelper及其HttpContext属性。 [这是一种使用User属性作为获取[ViewContext]和[ViewContext]的方法,并使用依赖项注入获取HttpContext的方法:
User
注意事项:
IAuthorizationService可通过public class PassportTagHelper : TagHelper
{
private readonly IAuthorizationService authorizationService;
public PassportTagHelper(IAuthorizationService authorizationService)
{
this.authorizationService = authorizationService;
}
[ViewContext]
public ViewContext ViewContext { get; set; }
public override async Task ProcessAsync(TagHelperContext ctx, TagHelperOutput output)
{
var httpContext = ViewContext.HttpContext;
var authorizationResult = await authorizationService
.AuthorizeAsync(httpContext.User, "UserHasRecentPassport");
if (!authorizationResult.Succeeded)
output.SuppressOutput();
}
}
}
属性访问,该属性在用HttpContext属性修饰时会自动设置。ViewContext变为ViewContext,因此它可以Process调用ProcessAsync。await返回的值是AuthorizeAsync,它通过AuthorizeAsync属性指示成功,并且在AuthorizationResult属性中指示失败的原因。AuthorizationResult来获取Succeeded实例,而不是使用Failure属性。通常,我尽量避免使用IHttpContextAccessor,但这并不意味着您应该这样做。