Dynamic Role based Authorization in Blazor Server

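I am new to Blazor Server. I have implemented ASP.NET Core Identity role-based authorization, but I don't want to hard-code roles on the Authorize attribute. I want to create roles later and specify which controllers and actions each role can access, without touching the source code.

As shown in the image above, how can I create dynamic role-based authorization in Blazor Server?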

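You need to implement authorization through policies.

You can create permissions that can be assigned to any Role, combined with a Policy that checks for the permission.

This allows you to create roles at runtime and assign permissions to these new roles. Then, when a role is assigned to a user, the policy will see the permissions attached to that role.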

Docs

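Your screen would become a grouping of 6 permissions that are assigned to each role. This will require 6 policies.

I would consider using a class like the following: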

Permission.cs

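using System.Collections.Generic;

public sealed class Permission
{
    // Every permission defined below.
    public static readonly IReadOnlyList<Permission> Permissions = new List<Permission>
    { RolesView, RolesCreate, RolesUpdate, RolesDelete, UserRoleView, UserRoleUpdate };

    // The explicit conversion yields the key, which is used as the claim type.
    public static explicit operator string(Permission p) => p.Key;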

    public static Permission RolesView => new Permission
    {
        Key = "Permission.Roles.View",
        Display = "Role List",
        GroupName = "Role Management"
    };
    public static Permission RolesCreate => new Permission
    {
        Key = "Permission.Roles.Create",
        Display = "Create Role",
        GroupName = "Role Management"
    };
    public static Permission RolesUpdate => new Permission
    {
        Key = "Permission.Roles.Update",
        Display = "Edit Role",
        GroupName = "Role Management"
    };
    public static Permission RolesDelete => new Permission
    {
        Key = "Permission.Roles.Delete",
        Display = "Delete",
        GroupName = "Role Management"
    };
    public static Permission UserRoleView => new Permission
    {
        Key = "Permission.UserRole.View",
        Display = "User List",
        GroupName = "User Role Management"
    };
    public static Permission UserRoleUpdate => new Permission
    {
        Key = "Permission.UserRole.Update",
        Display = "Edit User Roles",
        GroupName = "User Role Management"
    };

    public string Key { get; private set; }
    public string Display { get; private set; }
    public string GroupName { get; private set; }
}


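services.AddAuthorization(options =>
{
    // ...
    // Permission only defines an explicit conversion to string, so the cast is required.
    options.AddPolicy(name: "UserRoleView", policy =>
            policy.RequireClaim((string)Permission.UserRoleView));
    // ...
});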

[Authorize(Policy = "UserRoleView")]

Use the RoleManager's methods AddClaimAsync & RemoveClaimAsync, using the Permission as the claim by utilizing the explicit string conversion.
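The approach in the answer above, carried through for all six permissions, as an added example that is not part of the original answers. It assumes the `Permission` class shown above; `PermissionSetup`, `AddPermissionPolicies`, `SetRolePermissionsAsync`, the claim value `"true"`, and naming each policy by its permission key (rather than `"UserRoleView"`) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;

// Added example (hypothetical helpers); relies on the Permission class from the answer.
public static class PermissionSetup
{
    // Registers one policy per permission, named by its key, so a page can use
    // [Authorize(Policy = "Permission.UserRole.View")] with no role name in source.
    public static void AddPermissionPolicies(this AuthorizationOptions options)
    {
        foreach (var p in Permission.Permissions)
        {
            var key = (string)p;
            options.AddPolicy(key, policy => policy
                .RequireAuthenticatedUser()
                .RequireClaim(key, "true")); // claim type = key, value must be "true"
        }
    }

    // Makes a role's permission claims match the set ticked on the admin screen.
    // Keys that are not defined in Permission are rejected instead of being stored.
    public static async Task SetRolePermissionsAsync(
        RoleManager<IdentityRole> roles, IdentityRole role, IEnumerable<string> selectedKeys)
    {
        var known = Permission.Permissions.Select(p => (string)p).ToHashSet();
        var wanted = selectedKeys.ToHashSet();
        if (!wanted.IsSubsetOf(known))
            throw new ArgumentException("Unknown permission key.", nameof(selectedKeys));

        var current = (await roles.GetClaimsAsync(role))
            .Where(c => known.Contains(c.Type)).ToList();
        foreach (var claim in current.Where(c => !wanted.Contains(c.Type)))
            Check(await roles.RemoveClaimAsync(role, claim));               // revoke
        foreach (var key in wanted.Except(current.Select(c => c.Type)))
            Check(await roles.AddClaimAsync(role, new Claim(key, "true"))); // grant
    }

    private static void Check(IdentityResult result)
    {
        if (!result.Succeeded)
            throw new InvalidOperationException(
                string.Join("; ", result.Errors.Select(e => e.Description)));
    }
}
```

Role claims reach the signed-in user's principal only when Identity is configured with role support (for example `.AddRoles<IdentityRole>()`). A user who is already signed in keeps the old claims until the principal is rebuilt.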

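As a supplement to Brian's answer, there is a PolicyBuilder factory that can be used to build your policies. Here is a simple example from one of my applications:

using System.Collections.Generic;
using Microsoft.AspNetCore.Authorization;

public static class AppPolicies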
{
    public const string IsAdmin = "IsAdmin";
    public const string IsUser = "IsUser";
    public const string IsVisitor = "IsVisitor";

    public static AuthorizationPolicy IsAdminPolicy
        => new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole("Admin")
        .Build();

    public static AuthorizationPolicy IsUserPolicy
        => new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole("Admin", "User")
        .Build();

    public static AuthorizationPolicy IsVisitorPolicy
        => new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole("Admin", "User", "Visitor")
        .Build();

    public static Dictionary<string, AuthorizationPolicy> Policies
    {
        get
        {
            var policies = new Dictionary<string, AuthorizationPolicy>();
            policies.Add(IsAdmin, IsAdminPolicy);
            policies.Add(IsUser, IsUserPolicy);
            policies.Add(IsVisitor, IsVisitorPolicy);
            return policies;
        }
    }
}

And use it like this:

services.AddAuthorization(config =>
{
    foreach (var policy in AppPolicies.Policies)
    {
        config.AddPolicy(policy.Key, policy.Value);
    }
});