ASP.NET 核心中基于声明的授权

Claim based authorization in ASP.NET Core

我正在使用 Claims 在 ASP.NET Core 中开发自己的项目,我参考了以下文章:http://blog.geveo.com/Claim-based-authorization-ASP-core

我很难理解,从我们在步骤 05 中的 Permissions 开始,因为它之前没有在任何地方定义。有什么想法吗?

services.AddAuthorization(options =>
{
    options.AddPolicy(PolicyTypes.Teams.Manage, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.Manage);
    });
    options.AddPolicy(PolicyTypes.Teams.AddRemove, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.AddRemove);
    });
    options.AddPolicy(PolicyTypes.Users.Manage, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.Add);
    });
    options.AddPolicy(PolicyTypes.Users.EditRole, policy => {
        policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.EditRole);
    });
}

该博客 post 的第 2 步缺少 class,它同时包含 UsersTeams class。它应该是这样的:

public static class Permissions
{
    public static class Users
    {
        public const string Add = "users.add";
        public const string Edit = "users.edit";
        public const string EditRole = "users.edit.role";
    }

    public static class Teams
    {
        public const string AddRemove = "teams.addremove";
        public const string EditManagers = "teams.edit.managers";
        public const string Delete = "teams.delete";
    }
}

最后,这只是定义了在整个应用程序中用于标识各种权限的通用值。您也可以只传递一些字符串,但是将它们集中定义会使它更易于使用,因为您不需要记住魔术字符串。