使用 IHttpContextAccessor 在 .NET Core 6 中创建自定义授权策略时获取控制器和操作名称
Get Controller and Action Name whern creating Custom Authorization Policy in .NET Core 6 using IHttpContextAccessor
我正在尝试在 .NET Core 6 中使用处理程序中的以下逻辑配置自定义授权策略:
- 获取控制器名称并获取用户尝试访问的控制器操作
- 如果 Claim.Type = Controller Name and Value = Controller Action 然后授予访问权限。
我正在尝试使用注入到处理程序中的 IHttpContextAccessor 访问控制器名称和操作 class。如何获取控制器名称和操作方法名称?我发现有几篇文章提到了如何在以前版本的 .NET Core 中执行此操作。但是那些在 .NET 6 上不起作用。它总是提供 NULL 值
当前的 AccessHandler(.NET 的早期版本)
using Microsoft.AspNetCore.Authorization;
namespace myApp.Security
{
public class AccessHandler : AuthorizationHandler<AccessRequirement>
{
private readonly IHttpContextAccessor httpContextAccessor;
public AccessHandler(IHttpContextAccessor httpContextAccessor)
{
this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
{
string? controllerName = httpContextAccessor.HttpContext?.Request.Query["controller"].ToString();
string? actionName = httpContextAccessor.HttpContext?.Request.Query["action"].ToString();
if (controllerName != null && actionName != null)
{
if (context.User.HasClaim(claim => claim.Type == controllerName && claim.Value == actionName))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
}
终于找到了解决方案,寻找的过程真的很令人满意。以下是如何在 .NET 6 Core 中执行此操作。修改 Requirement handler 如下:
using Microsoft.AspNetCore.Authorization;
namespace myApp.Security
{
public class AccessHandler : AuthorizationHandler<AccessRequirement>
{
private readonly IHttpContextAccessor httpContextAccessor;
public AccessHandler(IHttpContextAccessor httpContextAccessor)
{
this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
{
string? controllerName = httpContextAccessor.HttpContext?.Request.RouteValues["controller"]?.ToString();
string? actionName = httpContextAccessor.HttpContext?.Request.RouteValues["action"]?.ToString();
if (controllerName != null && actionName != null)
{
if (context.User.HasClaim(claim => (claim.Type == controllerName && claim.Value == actionName)))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
}
我正在尝试在 .NET Core 6 中使用处理程序中的以下逻辑配置自定义授权策略:
- 获取控制器名称并获取用户尝试访问的控制器操作
- 如果 Claim.Type = Controller Name and Value = Controller Action 然后授予访问权限。
我正在尝试使用注入到处理程序中的 IHttpContextAccessor 访问控制器名称和操作 class。如何获取控制器名称和操作方法名称?我发现有几篇文章提到了如何在以前版本的 .NET Core 中执行此操作。但是那些在 .NET 6 上不起作用。它总是提供 NULL 值
当前的 AccessHandler(.NET 的早期版本)
using Microsoft.AspNetCore.Authorization;
namespace myApp.Security
{
public class AccessHandler : AuthorizationHandler<AccessRequirement>
{
private readonly IHttpContextAccessor httpContextAccessor;
public AccessHandler(IHttpContextAccessor httpContextAccessor)
{
this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
{
string? controllerName = httpContextAccessor.HttpContext?.Request.Query["controller"].ToString();
string? actionName = httpContextAccessor.HttpContext?.Request.Query["action"].ToString();
if (controllerName != null && actionName != null)
{
if (context.User.HasClaim(claim => claim.Type == controllerName && claim.Value == actionName))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
}
终于找到了解决方案,寻找的过程真的很令人满意。以下是如何在 .NET 6 Core 中执行此操作。修改 Requirement handler 如下:
using Microsoft.AspNetCore.Authorization;
namespace myApp.Security
{
public class AccessHandler : AuthorizationHandler<AccessRequirement>
{
private readonly IHttpContextAccessor httpContextAccessor;
public AccessHandler(IHttpContextAccessor httpContextAccessor)
{
this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessRequirement requirement)
{
string? controllerName = httpContextAccessor.HttpContext?.Request.RouteValues["controller"]?.ToString();
string? actionName = httpContextAccessor.HttpContext?.Request.RouteValues["action"]?.ToString();
if (controllerName != null && actionName != null)
{
if (context.User.HasClaim(claim => (claim.Type == controllerName && claim.Value == actionName)))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
}