重定向到 Blazor WebAssembly 中的 403 禁止组件

问题描述 投票:0回答:2

我目前正在开发 .NET Standard 2.1 Blazor WebAssembly Hosted 应用程序。

在我的身份验证方案中,我使用用户角色

如果用户不具有角色,即

Admin
,我想将所有用户重定向到<ForbiddenView />

如果能在应用程序的一个地方处理这个问题就好了。

  • 我的 App.razor 看起来像这样:
   <CascadingAuthenticationState>
        <Router AppAssembly="@typeof(Program).Assembly">
            <Found Context="routeData">
                <AuthorizeRouteView RouteData="@routeData">
                    <Authorizing>
                        <p>Authorizing...</p>
                    </Authorizing>
                    <NotAuthorized>
                        @if (!context.User.Identity.IsAuthenticated)
                        {
                           // User is not authenticated - forward to login view
                            <LoginView />
                        }
                        else if(context.User.Identity.IsAuthenticated && context.User.Identity.NotInRole) // .NotInRole does not exist!!
                        {
                            // 403 - User is authenticated, but not in a specific role i.e. admin to view a page in my app. The server understood the request, but is refusing to fulfill it.
                            <ForbiddenView />
                        }
                        else
                        {
                           // 401 - Login of my user happend - the request already includes Authorization credentials.
                            <NotAuthorizedView />
                        }
                    </NotAuthorized>
                </AuthorizeRouteView>
            </Found>
            <NotFound>
                <NotFoundView />
            </NotFound>
        </Router>
    </CascadingAuthenticationState>

你知道如何集中处理 Blazor WebAssembly 中的 403 错误吗?

您对如何处理 Blazor WebAssembly 上的 403 错误有什么建议吗?

c# authentication blazor http-status-code-403 webassembly
2个回答
2
投票

尝试在不同的上下文中使用 AuthorizeView :

<CascadingAuthenticationState>
    <Router AppAssembly="@typeof(Program).Assembly">
        <Found Context="routeData">
            <AuthorizeRouteView RouteData="@routeData">
                <Authorizing>
                    <p>Authorizing...</p>
                </Authorizing>
                <NotAuthorized>
                    <AuthorizeView Context="authenticated">
                        <Authorized Context="authenticated">
                            <AuthorizeView Roles="WhatEver" Context="role">
                                <Authorized Context="role">
                                    <NotAuthorizedView />
                                </Authorized>
                                <NotAuthorized Context="role">
                                    <ForbiddenView />
                                </NotAuthorized>
                            </AuthorizeView>
                        </Authorized>
                        <NotAuthorized Context="authenticated">
                            <RedirectToLogin />
                        </NotAuthorized>
                    </AuthorizeView>
                </NotAuthorized>
            </AuthorizeRouteView>
        </Found>
        <NotFound>
            <NotFoundView />
        </NotFound>
    </Router>
</CascadingAuthenticationState>


!context.User.IsInRole("WhatEver");

如果您特别需要 NotInRole:

public static bool NotInRole(this ClaimsPrincipal claimsPrincipal) 
    => claimsPrincipal.Claims.All(c => c.Type != "role");
0
投票
app.UseStatusCodePages("text/html", "<br/><br/><br/><br/><br/><center><h1>Error! <br/><hr/>Status Code {0}</h1><center>");//(for all error)


app.UseStatusCodePagesWithRedirects("/error/?id={0}");//(Read Error and get page for this error)
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.