.Net 5 从 Razor 页面检查 CustomPolicy
.Net 5 Check CustomPolicy from Razor Page
我有一个自定义授权处理程序,如下所示:
public class CanApproveArticlesByOtherAuthorsClaimsHandler : AuthorizationHandler<ManageArticleApprovalRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageArticleApprovalRequirement requirement)
{
var httpContext = context.Resource as HttpContext;
if (httpContext == null)
{
return Task.CompletedTask;
}
string loggedInUser = context.User.Claims
.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;
string authorId = (string)httpContext.Request.RouteValues["authorid"];
if (context.User.IsInRole("Admin")
&& context.User.HasClaim(claim => claim.Type == "Article Approver" && claim.Value == "true")
&& loggedInUser.ToLower() != authorId.ToLower())
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
我需要在加载时检查此策略是否成功 edit.cshtml 并确定是否需要在页面上加载控件。这是我现在拥有的,但我想使用自定义策略。
@if ((await authService.AuthorizeAsync(User, null, new[] { new ManageArticleApprovalRequirement() })).Succeeded)
{
<div class="col-sm-3 offset-sm-2">
<input asp-for="@Model.Approved" class="form-check-input" />
<label class="form-check-label" asp-for="@Model.Approved">Approve For Publication</label>
</div>
}
并在 Startup.cs
services.AddSingleton<IAuthorizationHandler, CanApproveOnlyArticlesByOtherAuthorsHandler>();
和
services.AddAuthorization(options =>
{
//Other code
options.AddPolicy("ApproveArticlesPolicy", policy => policy.AddRequirements(new ManageArticleApprovalRequirement()));
//Other code;
});
您可以直接使用 IAuthorizationService 来对有某些要求的用户进行授权,例如:
@inject IAuthorizationService _authService;
<!-- the code section that need to authorize -->
<!-- for razor view, pass in Context instead of ViewContext.HttpContext
for the resource -->
@if((await _authService.AuthorizeAsync(User, ViewContext.HttpContext, new [] { new ManageArticleApprovalRequirement() })).Succeeded){
<div class="col-sm-3 offset-sm-2">
<input asp-for="@Model.Approved" class="form-check-input" />
<label class="form-check-label" asp-for="@Model.Approved">Approve For Publication</label>
</div>
}
请注意,我假设您的 ManageArticleApprovalRequirement 具有无参数构造函数。基本上,您需要将该要求的实例传递给 IAuthorizationService.AuthorizeAsync 方法,如上面的代码所示。
我有一个自定义授权处理程序,如下所示:
public class CanApproveArticlesByOtherAuthorsClaimsHandler : AuthorizationHandler<ManageArticleApprovalRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageArticleApprovalRequirement requirement)
{
var httpContext = context.Resource as HttpContext;
if (httpContext == null)
{
return Task.CompletedTask;
}
string loggedInUser = context.User.Claims
.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;
string authorId = (string)httpContext.Request.RouteValues["authorid"];
if (context.User.IsInRole("Admin")
&& context.User.HasClaim(claim => claim.Type == "Article Approver" && claim.Value == "true")
&& loggedInUser.ToLower() != authorId.ToLower())
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
我需要在加载时检查此策略是否成功 edit.cshtml 并确定是否需要在页面上加载控件。这是我现在拥有的,但我想使用自定义策略。
@if ((await authService.AuthorizeAsync(User, null, new[] { new ManageArticleApprovalRequirement() })).Succeeded)
{
<div class="col-sm-3 offset-sm-2">
<input asp-for="@Model.Approved" class="form-check-input" />
<label class="form-check-label" asp-for="@Model.Approved">Approve For Publication</label>
</div>
}
并在 Startup.cs
services.AddSingleton<IAuthorizationHandler, CanApproveOnlyArticlesByOtherAuthorsHandler>();
和
services.AddAuthorization(options =>
{
//Other code
options.AddPolicy("ApproveArticlesPolicy", policy => policy.AddRequirements(new ManageArticleApprovalRequirement()));
//Other code;
});
您可以直接使用 IAuthorizationService 来对有某些要求的用户进行授权,例如:
@inject IAuthorizationService _authService;
<!-- the code section that need to authorize -->
<!-- for razor view, pass in Context instead of ViewContext.HttpContext
for the resource -->
@if((await _authService.AuthorizeAsync(User, ViewContext.HttpContext, new [] { new ManageArticleApprovalRequirement() })).Succeeded){
<div class="col-sm-3 offset-sm-2">
<input asp-for="@Model.Approved" class="form-check-input" />
<label class="form-check-label" asp-for="@Model.Approved">Approve For Publication</label>
</div>
}
请注意,我假设您的 ManageArticleApprovalRequirement 具有无参数构造函数。基本上,您需要将该要求的实例传递给 IAuthorizationService.AuthorizeAsync 方法,如上面的代码所示。