asp.net 默认授权（没有 [Authorize]）

Question

我有一个 asp.netcore .net 5 应用程序。

我已获得使用控制器端点上方的 [Authorize] 属性的授权。

如何在不使用 [Authorize] 属性的情况下使用授权？以下是我设置授权的方式：

我在 ConfigureServices 中有这个：

public void ConfigureServices(IServiceCollection services)
{...
        FirebaseApp.Create(new AppOptions()
        {
            Credential = GoogleCredential.FromFile("firebase_admin_sdk.json"),
        });

        services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = "https://securetoken.google.com/vepo-xxx";
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,
                ValidIssuer = "https://securetoken.google.com/vepo-xxx",
                ValidateAudience = true,
                ValidAudience = "vepo-xxx",
                ValidateLifetime = true
            };
        });
...}

我 Configure 有：

public void Configure(IApplicationBuilder app, IWebHostEnvironment env, VepoContext context, ISearchIndexService searchIndexService)
{...
    app.UseAuthentication();
    app.UseAuthorization();
...}

Answer 1

请参阅 Require authenticated users 的文档。你可以给所有控制器添加一个RequireAuthenticatedUser()：

public void ConfigureServices(IServiceCollection services)
{

    ...

    services.AddControllers(config =>
    {
        // using Microsoft.AspNetCore.Mvc.Authorization;
        // using Microsoft.AspNetCore.Authorization;
        var policy = new AuthorizationPolicyBuilder()
                         .RequireAuthenticatedUser()
                         .Build();
        config.Filters.Add(new AuthorizeFilter(policy));
    });

asp.net 默认授权（没有 [Authorize]）

asp.net authorize by default (without [Authorize])

asp.net

asp.net-authorization

asp.net-core

asp.net5

.net-5