如何在 ASP.NET 核心,MVC 6 中为用户保留策略授权结果?
How to persist policy authorization results for users in ASP.NET Core, MVC 6?
目前我有一个简单的自定义策略处理程序,如下所示:
protected override void Handle(AuthorizationContext context, UserPolicyRequirement requirement)
{
// authorize user against policy requirements
if (_authorizationTask.AuthorizeUserAgainstPolicy(context.User, requirement))
{
// User passed policy req's
context.Succeed(requirement);
}
}
问题是,这个授权步骤需要很长时间才能执行,但这在网站的许多不同区域都是必需的。是否有现成的机制来 save/cache 此策略授权的结果,以便我每次会话只需要执行一次?
我目前正在使用 Windows 身份验证,如果有帮助的话。
如果per session方式没有问题,可以使用Session来存储用户数据。简单的实现如下所示:
首先你需要一个服务来从任何商店获取用户数据
public interface IGetUserDataService
{
<type> GetUserData();
}
我假设有 Session 配置(see)和 IGetUserDataService 实现。
然后你需要创建一个middleware来处理Session
public class SessionMiddleware
{
private readonly RequestDelegate _next;
private readonly IGetUserDataService _getUserDataService;
public SessionMiddleware(RequestDelegate next, IGetUserDataService getUserDataService)
{
_next = next;
_getUserDataService = getUserDataService;
}
public async Task Invoke(HttpContext context)
{
//user data is obtained only once then is stored in Session
if (context.Session.Get("UserData") == null)
{
context.Session.Set("UserData", getUserDataService.GetData());
}
await _next.Invoke(context);
}
}
//In Startup.cs
app.UseMiddleware<SessionMiddleware>();
终于在处理程序中获取并使用会话数据
public class YourHandler : AuthorizationHandler<YourRequirement>
{
private readonly IHttpContextAccessor _accessor;
public YourHandler(IHttpContextAccessor accessor)
{
_accessor = accessor;
}
protected override void Handle(AuthorizationContext context, PermissionRequirement requirement)
{
var userData =(<type>)_accessor.HttpContext.Session.Get("UserData");
// check
}
}
目前我有一个简单的自定义策略处理程序,如下所示:
protected override void Handle(AuthorizationContext context, UserPolicyRequirement requirement)
{
// authorize user against policy requirements
if (_authorizationTask.AuthorizeUserAgainstPolicy(context.User, requirement))
{
// User passed policy req's
context.Succeed(requirement);
}
}
问题是,这个授权步骤需要很长时间才能执行,但这在网站的许多不同区域都是必需的。是否有现成的机制来 save/cache 此策略授权的结果,以便我每次会话只需要执行一次?
我目前正在使用 Windows 身份验证,如果有帮助的话。
如果per session方式没有问题,可以使用Session来存储用户数据。简单的实现如下所示:
首先你需要一个服务来从任何商店获取用户数据
public interface IGetUserDataService
{
<type> GetUserData();
}
我假设有 Session 配置(see)和 IGetUserDataService 实现。
然后你需要创建一个middleware来处理Session
public class SessionMiddleware
{
private readonly RequestDelegate _next;
private readonly IGetUserDataService _getUserDataService;
public SessionMiddleware(RequestDelegate next, IGetUserDataService getUserDataService)
{
_next = next;
_getUserDataService = getUserDataService;
}
public async Task Invoke(HttpContext context)
{
//user data is obtained only once then is stored in Session
if (context.Session.Get("UserData") == null)
{
context.Session.Set("UserData", getUserDataService.GetData());
}
await _next.Invoke(context);
}
}
//In Startup.cs
app.UseMiddleware<SessionMiddleware>();
终于在处理程序中获取并使用会话数据
public class YourHandler : AuthorizationHandler<YourRequirement>
{
private readonly IHttpContextAccessor _accessor;
public YourHandler(IHttpContextAccessor accessor)
{
_accessor = accessor;
}
protected override void Handle(AuthorizationContext context, PermissionRequirement requirement)
{
var userData =(<type>)_accessor.HttpContext.Session.Get("UserData");
// check
}
}