Bypass the Authorize attribute in .NET Core for release version

Ste*_*veT 6 c# asp.net-core

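Is there a way to "bypass" authorization in ASP.NET Core? I noticed that the Authorize attribute no longer has the AuthorizeCore method, which you could use to decide whether or not to proceed with auth.

Pre .NET Core you could do something like this: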

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // no auth in debug mode please
    #if DEBUG
       return true;
    #endif

    return base.AuthorizeCore(httpContext);
}

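I hope I'm not missing something blatantly obvious, but it would be nice to be able to skip the auth workflow in DEBUG if needed. I just can't find it for .NET Core.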

Joh*_*n_J 8

Just add an anonymous filter to do this; simple and easy.

   services.AddMvc(opts =>
   {
      opts.Filters.Add(new AllowAnonymousFilter());
   });

Reference: https://www.illucit.com/asp-net/asp-net-core-2-0-disable-authentication-development-environment/
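
An added example, not part of the answer above or the linked article: one way to keep an `AllowAnonymousFilter` bypass from reaching a deployed build is to tie it to the hosting environment plus an explicit opt-in, and to abort startup if the opt-in appears anywhere else. It assumes an ASP.NET Core 2.x `Startup` class (on 3.0 and later, `IWebHostEnvironment` takes the place of `IHostingEnvironment`); the configuration key `Auth:DisableForLocalDebug` and the `BypassAllowed` helper are hypothetical names.

```csharp
using System;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Hypothetical configuration key (assumption, not from the original page).
    private const string BypassKey = "Auth:DisableForLocalDebug";

    private readonly IHostingEnvironment _env;
    private readonly IConfiguration _config;

    public Startup(IHostingEnvironment env, IConfiguration config)
    {
        _env = env;
        _config = config;
    }

    // Hypothetical helper: returns true only when the bypass was requested
    // and the host runs as Development. A request made in any other
    // environment throws, so a leaked setting stops the app from starting.
    internal static bool BypassAllowed(bool requested, bool isDevelopment)
    {
        if (requested && !isDevelopment)
            throw new InvalidOperationException(
                BypassKey + " is set outside the Development environment; refusing to start.");
        return requested;
    }

    public void ConfigureServices(IServiceCollection services)
    {
        // A missing key reads as false, so the bypass is off by default.
        bool requested = _config.GetValue<bool>(BypassKey);

        // Evaluated here, not inside the options lambda, so the check runs
        // during startup rather than when MVC options are first resolved.
        bool bypass = BypassAllowed(requested, _env.IsDevelopment());

        services.AddMvc(opts =>
        {
            if (bypass)
                opts.Filters.Add(new AllowAnonymousFilter());
        });
    }
}
```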


小智 5

You can define your own handler to disable authorization:

public class DisableAuthorizationHandler<TRequirement> : AuthorizationHandler<TRequirement>
    where TRequirement : IAuthorizationRequirement
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement)
    {
        context.Succeed(requirement);

        return Task.CompletedTask;
    }
}

Then register it:

public void ConfigureServices(IServiceCollection services)
{
    //...
#if DEBUG
    services.AddTransient<IAuthorizationHandler, DisableAuthorizationHandler<IAuthorizationRequirement>>();
#endif
    //...
}


Tse*_*eng 4

As pointed out in the comments, you can create a base class for all your requirement handlers.

public abstract class RequirementHandlerBase<T> : AuthorizationHandler<T> where T : IAuthorizationRequirement
{
    protected sealed override Task HandleRequirementAsync(AuthorizationHandlerContext context, T requirement)
    {
#if DEBUG
        context.Succeed(requirement);

        return Task.FromResult(true);
#else
        return HandleAsync(context, requirement);
#endif
    }

    protected abstract Task HandleAsync(AuthorizationHandlerContext context, T requirement);
}

Then derive your requirement handlers from this base class.

public class AgeRequirementHandler : RequirementHandlerBase<AgeRequirement>
{
    protected override Task HandleAsync(AuthorizationHandlerContext context, AgeRequirement requirement)
    {
        ... 
    }
}

public class AgeRequirement : IAuthorizationRequirement
{
    public int MinimumAge { get; set; }
}

Then simply register it.

services.AddAuthorization(options =>
{
    options.AddPolicy("Over18",
                      policy => policy.Requirements.Add(new AgeRequirement { MinimumAge = 18 }));
});