有没有办法在 C# ASP.NET Core MVC 中功能性地执行 RedirectToAction?
Is there a way to functionally perform RedirectToAction in C# ASP.NET Core MVC?
我有一个现有的 ASP.NET 核心应用程序,我需要在其中阻止一组用户对我的某些控制器进行操作。我可以在每个任务基础上执行此操作,但我正在寻找一种方法来运行整个块以避免尽可能多的重复。
我如何为任务执行此操作的示例是:
public async Task<IActionResult> Index()
{
if(RestrictedUserCheckConditions) return RedirectToAction(nameof("RestrictionView"), "UserErrors");
//continue with action for unrestricted users.
...
}
有什么方法可以让我使用它来实现如下所示的功能以避免过多的重复?否则我有很多代码要添加到很多任务中!
public async Task<IActionResult> Index()
{
RestrictedUserCheck();
//continue with action for unrestricted users.
...
}
提前致谢
您可以创建自定义授权属性以防止用户访问操作方法:
例如:使用以下代码创建一个 CustomAuthorizeAttribute:
public class CustomAuthorizeAttribute : TypeFilterAttribute
{
//this method will access the block users, and transfer the data to the ClaimRequirementFilter
public CustomAuthorizeAttribute(string blockUser) : base(typeof(ClaimRequirementFilter))
{
Arguments = new object[] { new Claim(ClaimTypes.Name, blockUser) };
}
}
public class ClaimRequirementFilter : IAuthorizationFilter
{
readonly Claim _claim; //we can get the block users from this property.
public ClaimRequirementFilter(Claim claim)
{
_claim = claim;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
//query current user's claims and check whether current user is in the block user list
var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && _claim.Value.ToLower().Split(',').Contains(c.Value.ToLower()));
//if current user is the block user, prevent user access the action method, and return a forbidresult.
if (hasClaim)
{
context.Result = new ForbidResult();
}
}
}
然后将上述属性应用于操作方法:
[CustomAuthorize("bb@hotmail.com,cc@hotmail.com")]
public IActionResult Privacy()
{
return View();
}
结果如下:
[注意] 在上面的示例中,我们使用的是Asp.net core Identity,登录后,它已经添加了当前用户声明。如果你不使用Asp.net core Identity,你必须自己将声明添加到HttpContext。
此外,您还可以使用Policy based和Role based授权,参考以下链接:
Policy-based authorization in ASP.NET Core
Policy-Based And Role-Based Authorization In ASP.NET Core 3.0 Using Custom Handler
我有一个现有的 ASP.NET 核心应用程序,我需要在其中阻止一组用户对我的某些控制器进行操作。我可以在每个任务基础上执行此操作,但我正在寻找一种方法来运行整个块以避免尽可能多的重复。
我如何为任务执行此操作的示例是:
public async Task<IActionResult> Index()
{
if(RestrictedUserCheckConditions) return RedirectToAction(nameof("RestrictionView"), "UserErrors");
//continue with action for unrestricted users.
...
}
有什么方法可以让我使用它来实现如下所示的功能以避免过多的重复?否则我有很多代码要添加到很多任务中!
public async Task<IActionResult> Index()
{
RestrictedUserCheck();
//continue with action for unrestricted users.
...
}
提前致谢
您可以创建自定义授权属性以防止用户访问操作方法:
例如:使用以下代码创建一个 CustomAuthorizeAttribute:
public class CustomAuthorizeAttribute : TypeFilterAttribute
{
//this method will access the block users, and transfer the data to the ClaimRequirementFilter
public CustomAuthorizeAttribute(string blockUser) : base(typeof(ClaimRequirementFilter))
{
Arguments = new object[] { new Claim(ClaimTypes.Name, blockUser) };
}
}
public class ClaimRequirementFilter : IAuthorizationFilter
{
readonly Claim _claim; //we can get the block users from this property.
public ClaimRequirementFilter(Claim claim)
{
_claim = claim;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
//query current user's claims and check whether current user is in the block user list
var hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && _claim.Value.ToLower().Split(',').Contains(c.Value.ToLower()));
//if current user is the block user, prevent user access the action method, and return a forbidresult.
if (hasClaim)
{
context.Result = new ForbidResult();
}
}
}
然后将上述属性应用于操作方法:
[CustomAuthorize("bb@hotmail.com,cc@hotmail.com")]
public IActionResult Privacy()
{
return View();
}
结果如下:
[注意] 在上面的示例中,我们使用的是Asp.net core Identity,登录后,它已经添加了当前用户声明。如果你不使用Asp.net core Identity,你必须自己将声明添加到HttpContext。
此外,您还可以使用Policy based和Role based授权,参考以下链接:
Policy-based authorization in ASP.NET Core
Policy-Based And Role-Based Authorization In ASP.NET Core 3.0 Using Custom Handler