2023年6月20日发(作者:)

e中如何通过AuthorizeAttribute做⾃定义验证?咨询区jltrem:我想在 Core 中⽤ authorization 特性实现⼀个⾃定义验证,在之前的版本中,我可以⽤系统提供的 boolAuthorizeCore(HttpContextBase httpContext) ⽅法,但在这个版本中已经没有该⽅法了。请问当前我该如何实现这个⾃定义的 AuthorizeAttribute 呢?回答区gius:看样⼦你⽤的是 Core 2,当然现在你也可以实现,继承 AuthorizeAttribute 并实现 IAuthorizationFilter 接⼝即可,参考代码如下:[AttributeUsage( | , AllowMultiple = true, Inherited = true)]public class CustomAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter{ private readonly string _someFilterParameter; public CustomAuthorizeAttribute(string someFilterParameter) { _someFilterParameter = someFilterParameter; } public void OnAuthorization(AuthorizationFilterContext context) { var user = ; if (!enticated) { // it isn't needed to set unauthorized result

// as the base class already requires the user to be authenticated // this also makes redirect to a login page work properly // = new UnauthorizedResult(); return; } // you can also use registered services var someService = vice(); var isAuthorized = Authorized(, _someFilterParameter); if (!isAuthorized) { = new StatusCodeResult((int)den); return; } }}Kévin Chalet对于纯碎的授权,⽐如说只能给某些⽤户⼀些特定的访问权限,现在推荐的做法是使⽤新的授权块。public class Startup{ public void ConfigureServices(IServiceCollection services) { ure(options => { icy("ManageStore", policy => eClaim("Action", "ManageStore")); }); }}public class StoreController : Controller{ [Authorize(Policy = "ManageStore"), HttpGet] public async Task Manage() { ... }}对于授权,最好在中间件层⾯做处理,回过头来说,你确定现在的做法是正确的吗?点评区确实在 Core 5 时代,更好的⽅式应该是⽤ 中间件 实现,⽽不是深⼊到业务体之后再⽤过滤器的⽅式来实现,当然你也可以⽤过滤器。

2023年6月20日发(作者:)

e中如何通过AuthorizeAttribute做⾃定义验证?咨询区jltrem:我想在 Core 中⽤ authorization 特性实现⼀个⾃定义验证,在之前的版本中,我可以⽤系统提供的 boolAuthorizeCore(HttpContextBase httpContext) ⽅法,但在这个版本中已经没有该⽅法了。请问当前我该如何实现这个⾃定义的 AuthorizeAttribute 呢?回答区gius:看样⼦你⽤的是 Core 2,当然现在你也可以实现,继承 AuthorizeAttribute 并实现 IAuthorizationFilter 接⼝即可,参考代码如下:[AttributeUsage( | , AllowMultiple = true, Inherited = true)]public class CustomAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter{ private readonly string _someFilterParameter; public CustomAuthorizeAttribute(string someFilterParameter) { _someFilterParameter = someFilterParameter; } public void OnAuthorization(AuthorizationFilterContext context) { var user = ; if (!enticated) { // it isn't needed to set unauthorized result

// as the base class already requires the user to be authenticated // this also makes redirect to a login page work properly // = new UnauthorizedResult(); return; } // you can also use registered services var someService = vice(); var isAuthorized = Authorized(, _someFilterParameter); if (!isAuthorized) { = new StatusCodeResult((int)den); return; } }}Kévin Chalet对于纯碎的授权,⽐如说只能给某些⽤户⼀些特定的访问权限,现在推荐的做法是使⽤新的授权块。public class Startup{ public void ConfigureServices(IServiceCollection services) { ure(options => { icy("ManageStore", policy => eClaim("Action", "ManageStore")); }); }}public class StoreController : Controller{ [Authorize(Policy = "ManageStore"), HttpGet] public async Task Manage() { ... }}对于授权,最好在中间件层⾯做处理,回过头来说,你确定现在的做法是正确的吗?点评区确实在 Core 5 时代,更好的⽅式应该是⽤ 中间件 实现,⽽不是深⼊到业务体之后再⽤过滤器的⽅式来实现,当然你也可以⽤过滤器。