Jen*_*nan 5 asp.net asp.net-authorization asp.net-core
我想创建一个自定义授权属性来检查角色和网址路径.
我已经找到了使用基于策略的授权在Asp.Net Core中执行此操作的方法,但我已经尝试实现它,但是我无法使用inclming url获取HttpContext.
AuthorizationHandlerContext 无法访问HttpContext可能.
如何通过url路径获取当前的HttpContext?是可以这样做还是用其他方式?
我已尝试使用此代码创建自定义策略:
public class RoleUrlValidationHandler : AuthorizationHandler<RoleUrlValidationRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RoleUrlValidationRequirement requirement)
{
var path = //Here I need get current url path for example - /api/posts/4545411
var pathPart = path.Split('/');
var clientId = pathPart[3];
if (context.User.IsInRole(clientId))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
我想创建以下内容:
[Authorize(Policy="RoleUrlValidation")] //Get ClientId from Url and check User's roles
public class PostsController : Controller
{
public ActionResult Get()
{
}
}
政策方针是正确的.只有你错过的是,你可以在处理程序中使用依赖注入.
public class RoleUrlValidationHandler : AuthorizationHandler<RoleUrlValidationRequirement>
{
private readonly IHttpContextAccessor contextAccessor;
public class RoleUrlValidationHandler(IHttpContextAccessor contextAccessor)
{
this.contextAccessor = contextAccessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RoleUrlValidationRequirement requirement)
{
var httpContext = contextAccessor.HttpContext;
var path = httpContext.Request.Path;
var pathPart = path.Split('/');
var clientId = pathPart[3];
if (context.User.IsInRole(clientId))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
您也可能必须IHttpContextAccessor注册默认情况下未注册.
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
额外位:
考虑使用var routeData = httpContext.GetRouteData()而不是path.Split('/')用于从中读取值,以便您可以轻松地从路径中读取参数值.