基于自定义角色的身份验证 .NET CORE

Custom role based auth .NET CORE

我有一个项目,其中用户可以有多个角色,例如收银员和存货员。这些角色具有相同的权限,但某些人也可以拥有管理员和收银员角色。在这种情况下,他可以访问比 admin/cashier 本身更多的功能。

我已经进行了广泛的搜索,但我没有从文档中获得任何智慧,因为我最初认为政策是可行的方式,但现在我认为我们需要基于声明的授权。

经过搜索和尝试后,我没有找到以下问题的答案:

  1. 我需要什么tables/entities?
  2. 不用脚手架工具也能做到吗?
  3. 这整个过程是如何工作的,.NET CORE 如何知道要查看哪些角色?如何使用自定义角色?

如果有人能帮我解决这个问题,我将不胜感激。

干杯。

一种方法是使用 Identity 并使用 [Authorize(Roles ="Admin")] 授权用户。

如果不想使用脚手架工具,可以使用jwt token认证或者cookie认证。

这里有一个关于如何使用cookie认证的简单演示:

型号:

public class User
{
    public int Id { get; set; }
    public string Name { get; set; }
    public string Password { get; set; }
    public List<UserRole> UserRoles { get; set; }
}
public class Role
{
    public int Id { get; set; }
    public string RoleName { get; set; }
    public List<UserRole> UserRoles { get; set; }
}
public class UserRole
{
    public int UserId { get; set; }
    public User User { get; set; }
    public int RoleId { get; set; }
    public Role Role { get; set; }
}
public class LoginModel
{
    public string Name { get; set; }
    public string Password { get; set; }
}

控制器:

public class HomeController : Controller
{
    private readonly YouDbContext _context;

    public HomeController(YouDbContext context)
    {
        _context = context;
    }
    public IActionResult Login()
    {
        return View();
    }
    [HttpPost]
    public async Task<IActionResult> Login(LoginModel model)
    {
        var claims = new List<Claim>{};
        var user = _context.User
                           .Include(u=>u.UserRoles)
                           .ThenInclude(ur=>ur.Role)
                           .Where(m => m.Name == model.Name).FirstOrDefault();
        if(user.Password==model.Password)
        {
            foreach(var role in user.UserRoles.Select(a=>a.Role.RoleName))
            {
                var claim = new Claim(ClaimTypes.Role, role);
                claims.Add(claim);
            }               
            var claimsIdentity = new ClaimsIdentity(
                claims, CookieAuthenticationDefaults.AuthenticationScheme);

            var authProperties = new AuthenticationProperties{};
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                authProperties);
        }
        return View("Index");
    }       
    public IActionResult Index()
    {
        return View();
    }

    //allow Cashier
    [Authorize(Roles = "Cashier")]
    public IActionResult Privacy()
    {
        return View();
    }

    //allow Admin
    [Authorize(Roles = "Admin")]
    public IActionResult AllowAdmin()
    {
        return View();
    }

    //allow both of the Admin and Cashier
    [Authorize(Roles = "Admin,Cashier")]
    public IActionResult AllowBoth()
    {
        return View();
    }

    //user has no rights to access the page
    public IActionResult AccessDenied()
    {
        return View();
    }

    //log out
    public async Task<IActionResult> Logout()
    {
        await HttpContext.SignOutAsync(
CookieAuthenticationDefaults.AuthenticationScheme);
        return RedirectToAction("Index");
    }        
}

数据库上下文:

public class YouDbContext: DbContext
{
    public YouDbContext(DbContextOptions<YouDbContext> options)
        : base(options)
    {
    }

    public DbSet<User> User { get; set; }
    public DbSet<Role> Role { get; set; }
    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        modelBuilder.Entity<UserRole>()
   .HasKey(bc => new { bc.UserId, bc.RoleId });
        modelBuilder.Entity<UserRole>()
            .HasOne(bc => bc.User)
            .WithMany(b => b.UserRoles)
            .HasForeignKey(bc => bc.UserId);
        modelBuilder.Entity<UserRole>()
            .HasOne(bc => bc.Role)
            .WithMany(c => c.UserRoles)
            .HasForeignKey(bc => bc.RoleId);
    }
}

Startup.cs:

public class Startup
{
    public Startup(IConfiguration configuration)
    {
        Configuration = configuration;
    }

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllersWithViews();
        services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
                .AddCookie(options =>
                {
                    options.LoginPath = "/Home/Login";
                    options.AccessDeniedPath = "/Home/AccessDenied";
                });
        services.AddDbContext<WebApplication1Context>(options =>
                options.UseSqlServer(Configuration.GetConnectionString("WebApplication1Context")));
    }

    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();

        app.UseRouting();

        app.UseAuthentication();
        app.UseAuthorization();

        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
        });
    }
}

结果: