如何限制对 .Net Core 2.1 中给定路由的所有访问?
How do I restrict all access to a given route in .Net Core 2.1?
在我的 .Net Core 2.1 应用程序中,控制器定义为
[Route("v1/api/[controller]")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class AccountController : Controller
{
// peace & love
}
我需要拒绝 所有 用户访问与模式匹配的任何路由
v1/api/operations/*
在Startup中,我们将MvcCore添加为
services.AddMvcCore()
.AddAuthorization()
.AddApiExplorer();
然后将应用配置为使用 MVC 作为
app.UseMvc();
如何确保没有用户可以访问 /operations 路由上的任何资源?
“如何确保没有用户可以访问 /operations 路由上的任何资源?”
Using IActionFilter middleware you could achive that.
RoutingRestrictionMiddleware:
public class RoutingRestrictionMiddleware : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
if (context.HttpContext.Request.Path.StartsWithSegments("/api/Operations"))
{
context.Result = new JsonResult(new { HttpStatusCode.Unauthorized });
}
}
public void OnActionExecuted(ActionExecutedContext context)
{
}
}
注:
Point to remember
"context.HttpContext.Request.Path.StartsWithSegments("/api/Operations");
here you can set the route you would like to restrict.
Startup.cs:
services.AddMvc(config =>
{
config.Filters.Add(new RoutingRestrictionMiddleware());
});
没有路由限制的控制器:
[Route("api/[controller]")]
[ApiController]
public class OperationsController : ControllerBase
{
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
return new string[] { "kiron", "farid" };
}
}
}
输出:
有路由限制的控制器:
[Route("api/[controller]")]
[ApiController]
public class OperationsController : ControllerBase
{
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
return new string[] { "kiron", "farid" };
}
}
}
路由限制输出:
希望这能为您提供相应的指导
在我的 .Net Core 2.1 应用程序中,控制器定义为
[Route("v1/api/[controller]")]
[Authorize(AuthenticationSchemes = JwtBearerDefaults.AuthenticationScheme)]
public class AccountController : Controller
{
// peace & love
}
我需要拒绝 所有 用户访问与模式匹配的任何路由
v1/api/operations/*
在Startup中,我们将MvcCore添加为
services.AddMvcCore()
.AddAuthorization()
.AddApiExplorer();
然后将应用配置为使用 MVC 作为
app.UseMvc();
如何确保没有用户可以访问 /operations 路由上的任何资源?
“如何确保没有用户可以访问 /operations 路由上的任何资源?”
Using
IActionFilter middlewareyou could achive that.
RoutingRestrictionMiddleware:
public class RoutingRestrictionMiddleware : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
if (context.HttpContext.Request.Path.StartsWithSegments("/api/Operations"))
{
context.Result = new JsonResult(new { HttpStatusCode.Unauthorized });
}
}
public void OnActionExecuted(ActionExecutedContext context)
{
}
}
注:
Point to remember
"context.HttpContext.Request.Path.StartsWithSegments("/api/Operations");here you can set therouteyou would like to restrict.
Startup.cs:
services.AddMvc(config =>
{
config.Filters.Add(new RoutingRestrictionMiddleware());
});
没有路由限制的控制器:
[Route("api/[controller]")]
[ApiController]
public class OperationsController : ControllerBase
{
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
return new string[] { "kiron", "farid" };
}
}
}
输出:
有路由限制的控制器:
[Route("api/[controller]")]
[ApiController]
public class OperationsController : ControllerBase
{
[HttpGet]
public ActionResult<IEnumerable<string>> Get()
{
return new string[] { "kiron", "farid" };
}
}
}
路由限制输出:
希望这能为您提供相应的指导