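I am building a web application with Blazor WASM, and for some pages I want to implement authorization with the following logic: if the user's role is Admin, or the user satisfies a specific policy, they can access the page.
I tried this: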
[Authorize(Roles = "Admin", Policy = "Policy")]
But it checks both conditions.
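First, create a requirement:
using Microsoft.AspNetCore.Authorization;

// Marker requirement; the handler holds the actual logic.
public class CustomPolicyRequirement : IAuthorizationRequirement
{
}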
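Then create a handler:
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

public class CustomPolicyHandler : AuthorizationHandler<CustomPolicyRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CustomPolicyRequirement requirement)
    {
        // Succeed when the user is in the Admin role...
        if (context.User.IsInRole(nameof(RoleName.Admin))
            // ...or when the user satisfies the policy condition
            || context.User.HasClaim(c => c.Type == ClaimTypes.Email && c.Value == "[email protected]"))
        {
            context.Succeed(requirement);
        }
        // Not calling Succeed leaves the requirement unmet, so access is denied.
        return Task.CompletedTask;
    }
}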
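Finally, add the policy and register the handler:
builder.Services.AddAuthorizationCore(opt =>
{
    // "Policy" is the name referenced by [Authorize(Policy = "Policy")]
    opt.AddPolicy("Policy", policy => policy.Requirements.Add(new CustomPolicyRequirement()));
});
// Without this registration the requirement is never satisfied.
builder.Services.AddSingleton<IAuthorizationHandler, CustomPolicyHandler>();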
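
The difference between the AND behaviour from the question and an OR policy, as an added example that is not code from the question or the answer. It is a console program that uses two handlers for one requirement (ASP.NET Core treats a requirement as met when any of its handlers succeeds) instead of the single handler above. The policy names, the `Sample` class, the e-mail addresses and the users are constructed for illustration, and the `Microsoft.AspNetCore.Authorization`, `Microsoft.Extensions.DependencyInjection` and `Microsoft.Extensions.Logging` packages are assumed to be referenced.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

var services = new ServiceCollection();
services.AddLogging(); // the default IAuthorizationService takes an ILogger
services.AddAuthorizationCore(opt =>
{
    // OR: a single requirement, met as soon as any registered handler calls Succeed.
    opt.AddPolicy("AdminOrEmail", p => p.AddRequirements(new AdminOrEmailRequirement()));
    // AND: every requirement of a policy must be met (role AND claim).
    opt.AddPolicy("AdminAndEmail", p => p.RequireRole("Admin").RequireClaim(ClaimTypes.Email, Sample.AllowedEmail));
});
services.AddSingleton<IAuthorizationHandler, AdminRoleHandler>();
services.AddSingleton<IAuthorizationHandler, AllowedEmailHandler>();
var auth = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();

// Constructed principals: role only, allowed e-mail only, neither.
var users = new (string Name, ClaimsPrincipal User)[]
{
    ("admin", Make(new Claim(ClaimTypes.Role, "Admin"))),
    ("allowed", Make(new Claim(ClaimTypes.Email, Sample.AllowedEmail))),
    ("other", Make(new Claim(ClaimTypes.Email, "other@example.test"))),
};
foreach (var (name, user) in users)
    Console.WriteLine($"{name}: OR={(await auth.AuthorizeAsync(user, "AdminOrEmail")).Succeeded}, " +
                      $"AND={(await auth.AuthorizeAsync(user, "AdminAndEmail")).Succeeded}");

static ClaimsPrincipal Make(params Claim[] claims) => new(new ClaimsIdentity(claims, "constructed"));

static class Sample { public const string AllowedEmail = "allowed@example.test"; } // constructed value
class AdminOrEmailRequirement : IAuthorizationRequirement { }
class AdminRoleHandler : AuthorizationHandler<AdminOrEmailRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext ctx, AdminOrEmailRequirement req)
    {
        if (ctx.User.IsInRole("Admin")) ctx.Succeed(req);
        return Task.CompletedTask;
    }
}

class AllowedEmailHandler : AuthorizationHandler<AdminOrEmailRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext ctx, AdminOrEmailRequirement req)
    {
        if (ctx.User.HasClaim(ClaimTypes.Email, Sample.AllowedEmail)) ctx.Succeed(req);
        return Task.CompletedTask;
    }
}
```

The OR policy admits the "admin" and "allowed" users and rejects "other", while the AND policy rejects all three because none has both the role and the e-mail claim. In Blazor WASM these checks only decide what the client renders, so the server API behind the page has to enforce the same policy.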