AuthorizeFilter 的默认策略是什么?
What is the default policy for AuthorizeFilter?
我看到的大多数代码都应用了策略。 AuthorizeFilter 的默认策略是什么? options.Filters.Add(new AuthorizeFilter()).
ASP.NETCore 的默认策略是对用户进行身份验证。在这里查看
https://github.com/dotnet/aspnetcore/blob/16a47948f80fede807fabe3c291d793590e8fd17/src/Security/Authorization/Core/src/AuthorizationOptions.cs#L28
public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
您可以覆盖 startup.cs
中的默认策略
services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim("AdminClaim")
.Build();
});
我看到的大多数代码都应用了策略。 AuthorizeFilter 的默认策略是什么? options.Filters.Add(new AuthorizeFilter()).
ASP.NETCore 的默认策略是对用户进行身份验证。在这里查看 https://github.com/dotnet/aspnetcore/blob/16a47948f80fede807fabe3c291d793590e8fd17/src/Security/Authorization/Core/src/AuthorizationOptions.cs#L28
public AuthorizationPolicy DefaultPolicy { get; set; } = new AuthorizationPolicyBuilder().RequireAuthenticatedUser().Build();
您可以覆盖 startup.cs
中的默认策略services.AddAuthorization(options =>
{
options.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim("AdminClaim")
.Build();
});