在 Blazor WebAssembly 中重定向到 403 Forbidden 组件
Redirect to 403 Forbidden component in Blazor WebAssembly
我目前正在开发 .NET Standard 2.1 Blazor WebAssembly Hosted 应用程序。
在我的身份验证方案中,我使用 用户角色。
我想将所有用户重定向到 <ForbiddenView /> 如果用户不在角色中,即 Admin.
最好在应用程序的一个地方处理它。
- 我的 App.razor 看起来像这样:
<CascadingAuthenticationState>
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData">
<Authorizing>
<p>Authorizing...</p>
</Authorizing>
<NotAuthorized>
@if (!context.User.Identity.IsAuthenticated)
{
// User is not authenticated - forward to login view
<LoginView />
}
else if(context.User.Identity.IsAuthenticated && context.User.Identity.NotInRole) // .NotInRole does not exist!!
{
// 403 - User is authenticated, but not in a specific role i.e. admin to view a page in my app. The server understood the request, but is refusing to fulfill it.
<ForbiddenView />
}
else
{
// 401 - Login of my user happend - the request already includes Authorization credentials.
<NotAuthorizedView />
}
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<NotFoundView />
</NotFound>
</Router>
</CascadingAuthenticationState>
你知道如何集中处理Blazor WebAssembly中的403错误吗?
对于如何处理 Blazor WebAssembly 上的 403 错误,您有什么建议吗?
尝试在不同的上下文中使用 AuthorizeView:
<CascadingAuthenticationState>
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData">
<Authorizing>
<p>Authorizing...</p>
</Authorizing>
<NotAuthorized>
<AuthorizeView Context="authenticated">
<Authorized Context="authenticated">
<AuthorizeView Roles="WhatEver" Context="role">
<Authorized Context="role">
<NotAuthorizedView />
</Authorized>
<NotAuthorized Context="role">
<ForbiddenView />
</NotAuthorized>
</AuthorizeView>
</Authorized>
<NotAuthorized Context="authenticated">
<RedirectToLogin />
</NotAuthorized>
</AuthorizeView>
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<NotFoundView />
</NotFound>
</Router>
</CascadingAuthenticationState>
或!context.User.IsInRole("WhatEver");
如果您特别需要 NotInRole:
public static bool NotInRole(this ClaimsPrincipal claimsPrincipal)
=> claimsPrincipal.Claims.All(c => c.Type != "role");
我目前正在开发 .NET Standard 2.1 Blazor WebAssembly Hosted 应用程序。
在我的身份验证方案中,我使用 用户角色。
我想将所有用户重定向到 <ForbiddenView /> 如果用户不在角色中,即 Admin.
最好在应用程序的一个地方处理它。
- 我的 App.razor 看起来像这样:
<CascadingAuthenticationState>
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData">
<Authorizing>
<p>Authorizing...</p>
</Authorizing>
<NotAuthorized>
@if (!context.User.Identity.IsAuthenticated)
{
// User is not authenticated - forward to login view
<LoginView />
}
else if(context.User.Identity.IsAuthenticated && context.User.Identity.NotInRole) // .NotInRole does not exist!!
{
// 403 - User is authenticated, but not in a specific role i.e. admin to view a page in my app. The server understood the request, but is refusing to fulfill it.
<ForbiddenView />
}
else
{
// 401 - Login of my user happend - the request already includes Authorization credentials.
<NotAuthorizedView />
}
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<NotFoundView />
</NotFound>
</Router>
</CascadingAuthenticationState>
你知道如何集中处理Blazor WebAssembly中的403错误吗?
对于如何处理 Blazor WebAssembly 上的 403 错误,您有什么建议吗?
尝试在不同的上下文中使用 AuthorizeView:
<CascadingAuthenticationState>
<Router AppAssembly="@typeof(Program).Assembly">
<Found Context="routeData">
<AuthorizeRouteView RouteData="@routeData">
<Authorizing>
<p>Authorizing...</p>
</Authorizing>
<NotAuthorized>
<AuthorizeView Context="authenticated">
<Authorized Context="authenticated">
<AuthorizeView Roles="WhatEver" Context="role">
<Authorized Context="role">
<NotAuthorizedView />
</Authorized>
<NotAuthorized Context="role">
<ForbiddenView />
</NotAuthorized>
</AuthorizeView>
</Authorized>
<NotAuthorized Context="authenticated">
<RedirectToLogin />
</NotAuthorized>
</AuthorizeView>
</NotAuthorized>
</AuthorizeRouteView>
</Found>
<NotFound>
<NotFoundView />
</NotFound>
</Router>
</CascadingAuthenticationState>
或!context.User.IsInRole("WhatEver");
如果您特别需要 NotInRole:
public static bool NotInRole(this ClaimsPrincipal claimsPrincipal)
=> claimsPrincipal.Claims.All(c => c.Type != "role");