ASP.NET 核心中基于声明的授权
Claim based authorization in ASP.NET Core
我正在使用 Claims 在 ASP.NET Core 中开发自己的项目,我参考了以下文章:http://blog.geveo.com/Claim-based-authorization-ASP-core
我很难理解,从我们在步骤 05 中的 Permissions
开始,因为它之前没有在任何地方定义。有什么想法吗?
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyTypes.Teams.Manage, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.Manage);
});
options.AddPolicy(PolicyTypes.Teams.AddRemove, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.AddRemove);
});
options.AddPolicy(PolicyTypes.Users.Manage, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.Add);
});
options.AddPolicy(PolicyTypes.Users.EditRole, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.EditRole);
});
}
该博客 post 的第 2 步缺少 class,它同时包含 Users
和 Teams
class。它应该是这样的:
public static class Permissions
{
public static class Users
{
public const string Add = "users.add";
public const string Edit = "users.edit";
public const string EditRole = "users.edit.role";
}
public static class Teams
{
public const string AddRemove = "teams.addremove";
public const string EditManagers = "teams.edit.managers";
public const string Delete = "teams.delete";
}
}
最后,这只是定义了在整个应用程序中用于标识各种权限的通用值。您也可以只传递一些字符串,但是将它们集中定义会使它更易于使用,因为您不需要记住魔术字符串。
我正在使用 Claims 在 ASP.NET Core 中开发自己的项目,我参考了以下文章:http://blog.geveo.com/Claim-based-authorization-ASP-core
我很难理解,从我们在步骤 05 中的 Permissions
开始,因为它之前没有在任何地方定义。有什么想法吗?
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyTypes.Teams.Manage, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.Manage);
});
options.AddPolicy(PolicyTypes.Teams.AddRemove, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.AddRemove);
});
options.AddPolicy(PolicyTypes.Users.Manage, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.Add);
});
options.AddPolicy(PolicyTypes.Users.EditRole, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.EditRole);
});
}
该博客 post 的第 2 步缺少 class,它同时包含 Users
和 Teams
class。它应该是这样的:
public static class Permissions
{
public static class Users
{
public const string Add = "users.add";
public const string Edit = "users.edit";
public const string EditRole = "users.edit.role";
}
public static class Teams
{
public const string AddRemove = "teams.addremove";
public const string EditManagers = "teams.edit.managers";
public const string Delete = "teams.delete";
}
}
最后,这只是定义了在整个应用程序中用于标识各种权限的通用值。您也可以只传递一些字符串,但是将它们集中定义会使它更易于使用,因为您不需要记住魔术字符串。