如何为匿名用户创建授权策略
How to create an authorization policy for Anonymous users
使用 .NET Core 5 - 据我了解,每个用户(无论他们是否登录)都被分配了一个身份。因此,默认情况下,匿名用户将被分配 Identity.User.IsAuthenticated == false.
我不知道如何将其表达为一项政策。有谁知道如何创建授权策略来代表这些匿名用户?
public static void AddAuthorizationAndPolicies(this IServiceCollection services)
{
services.AddAuthorization(options =>
{
//Policy for logged in user - straightforward
options.AddPolicy("IsLoggedIn",
policy => policy.RequireAuthenticatedUser());
//Policy for admin user - straightforward
options.AddPolicy("IsAdminUser",
policy => policy.RequireRole("Admin"));
//policy for Anonymous users - *** How to do this ***?
options.AddPolicy("IsAnonymousUser",
policy => policy.AddRequirements()); //???
});
}
好吧,执行此操作的一种方法似乎是创建自定义授权要求 class,然后创建使用它的策略。
创建自定义授权class(在本例中名为“AllowAnonymousAuthorizationRequirement”)...
public class AllowAnonymousAuthorizationRequirement:
AuthorizationHandler<AllowAnonymousAuthorizationRequirement>, IAuthorizationRequirement
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AllowAnonymousAuthorizationRequirement requirement)
{
var user = context.User;
var userIsAnonymous = user?.Identity == null || !user.Identities.Any(i => i.IsAuthenticated);
//success is user IS anonymous
if (userIsAnonymous)
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
然后添加使用新自定义要求的策略...
public static void AddAuthorizationAndPolicies(this IServiceCollection services)
{
services.AddAuthorization(options =>
{
options.AddPolicy("IsAnonymousUser",
policy => policy.AddRequirements( new AllowAnonymousAuthorizationRequirement()));
});
}
请注意,此策略将拒绝经过身份验证的用户 - 因此仅在当前状态下专门针对匿名用户有用。
使用 .NET Core 5 - 据我了解,每个用户(无论他们是否登录)都被分配了一个身份。因此,默认情况下,匿名用户将被分配 Identity.User.IsAuthenticated == false.
我不知道如何将其表达为一项政策。有谁知道如何创建授权策略来代表这些匿名用户?
public static void AddAuthorizationAndPolicies(this IServiceCollection services)
{
services.AddAuthorization(options =>
{
//Policy for logged in user - straightforward
options.AddPolicy("IsLoggedIn",
policy => policy.RequireAuthenticatedUser());
//Policy for admin user - straightforward
options.AddPolicy("IsAdminUser",
policy => policy.RequireRole("Admin"));
//policy for Anonymous users - *** How to do this ***?
options.AddPolicy("IsAnonymousUser",
policy => policy.AddRequirements()); //???
});
}
好吧,执行此操作的一种方法似乎是创建自定义授权要求 class,然后创建使用它的策略。
创建自定义授权class(在本例中名为“AllowAnonymousAuthorizationRequirement”)...
public class AllowAnonymousAuthorizationRequirement:
AuthorizationHandler<AllowAnonymousAuthorizationRequirement>, IAuthorizationRequirement
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AllowAnonymousAuthorizationRequirement requirement)
{
var user = context.User;
var userIsAnonymous = user?.Identity == null || !user.Identities.Any(i => i.IsAuthenticated);
//success is user IS anonymous
if (userIsAnonymous)
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
然后添加使用新自定义要求的策略...
public static void AddAuthorizationAndPolicies(this IServiceCollection services)
{
services.AddAuthorization(options =>
{
options.AddPolicy("IsAnonymousUser",
policy => policy.AddRequirements( new AllowAnonymousAuthorizationRequirement()));
});
}
请注意,此策略将拒绝经过身份验证的用户 - 因此仅在当前状态下专门针对匿名用户有用。