ServiceStack - 角色和权限
ServiceStack - roles and permissions
我正在实施 ServiceStack 的角色和权限。我发
{"UserName":"JASON1","Permissions":["CanAccess"],"Roles":["Admin"]}
通过http://localhost:15465/api/json/reply/AssignRoles
但我收到以下错误:
{
"AllRoles": [],
"AllPermissions": [],
"ResponseStatus": {
"ErrorCode": "Invalid Role",
"Message": "Invalid Role",
"StackTrace": "[AssignRoles: 3/11/2015 11:12:02 PM]:\n[REQUEST: {UserName:JASON1,Permissions:[CanAccess],Roles:[Admin]}]\nServiceStack.HttpError: Invalid Role\r\n at ServiceStack.RequiredRoleAttribute.AssertRequiredRoles(IRequest req, String[] requiredRoles)\r\n at ServiceStack.Auth.AssignRolesService.Post(AssignRoles request)\r\n at lambda_method(Closure , Object , Object )\r\n at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)",
"Errors": []
}
}
解决方案是什么?一些内置角色和权限在哪里?我找不到任何信息?谢谢
AssignRolesService shouldn't be called by anyone, by default it can only be called by someone in the RoleNames.Admin
, i.e. Admin Role.
使用自定义分配角色服务
您可以忽略此默认行为,而是使用您自己的自定义服务来分配角色,这只是 IAuthRepository.AssignRoles()
API 的包装器,例如:
public class CustomRolesService : Service
{
public IAuthRepository AuthRepo { get; set; }
public object Post(AssignRoles request)
{
var userAuth = AuthRepo.GetUserAuthByUserName(request.UserName);
if (userAuth == null)
throw HttpError.NotFound(request.UserName);
AuthRepo.AssignRoles(userAuth, request.Roles, request.Permissions);
return new AssignRolesResponse();
}
}
掌握 AuthSecret
为了帮助开发,ServiceStack 还支持 specifying a master password:
SetConfig(new HostConfig { AdminAuthSecret = "secretz" });
然后允许您使用 QueryString 绕过任何受保护的服务:
?authsecret=secretz
我正在实施 ServiceStack 的角色和权限。我发
{"UserName":"JASON1","Permissions":["CanAccess"],"Roles":["Admin"]}
通过http://localhost:15465/api/json/reply/AssignRoles
但我收到以下错误:
{
"AllRoles": [],
"AllPermissions": [],
"ResponseStatus": {
"ErrorCode": "Invalid Role",
"Message": "Invalid Role",
"StackTrace": "[AssignRoles: 3/11/2015 11:12:02 PM]:\n[REQUEST: {UserName:JASON1,Permissions:[CanAccess],Roles:[Admin]}]\nServiceStack.HttpError: Invalid Role\r\n at ServiceStack.RequiredRoleAttribute.AssertRequiredRoles(IRequest req, String[] requiredRoles)\r\n at ServiceStack.Auth.AssignRolesService.Post(AssignRoles request)\r\n at lambda_method(Closure , Object , Object )\r\n at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)",
"Errors": []
}
}
解决方案是什么?一些内置角色和权限在哪里?我找不到任何信息?谢谢
AssignRolesService shouldn't be called by anyone, by default it can only be called by someone in the RoleNames.Admin
, i.e. Admin Role.
使用自定义分配角色服务
您可以忽略此默认行为,而是使用您自己的自定义服务来分配角色,这只是 IAuthRepository.AssignRoles()
API 的包装器,例如:
public class CustomRolesService : Service
{
public IAuthRepository AuthRepo { get; set; }
public object Post(AssignRoles request)
{
var userAuth = AuthRepo.GetUserAuthByUserName(request.UserName);
if (userAuth == null)
throw HttpError.NotFound(request.UserName);
AuthRepo.AssignRoles(userAuth, request.Roles, request.Permissions);
return new AssignRolesResponse();
}
}
掌握 AuthSecret
为了帮助开发,ServiceStack 还支持 specifying a master password:
SetConfig(new HostConfig { AdminAuthSecret = "secretz" });
然后允许您使用 QueryString 绕过任何受保护的服务:
?authsecret=secretz