How to access the current HttpContext in ASP.NET Core 2 custom policy-based authorization using AuthorizationHandlerContext

Hrv*_*lja 12 c# .net-core asp.net-core asp.net-core-2.0

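How can I access the current HttpContext to check the route and parameters inside the AuthorizationHandlerContext of custom policy-based authorization in ASP.NET Core 2?

Reference example: Custom Policy-Based Authorization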

Cal*_*alC 33

You should inject an instance of IHttpContextAccessor into your AuthorizationHandler.

In the context of your example, this may look like the following:

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

public class BadgeEntryHandler : AuthorizationHandler<EnterBuildingRequirement>
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public BadgeEntryHandler(IHttpContextAccessor httpContextAccessor)
    {
        _httpContextAccessor = httpContextAccessor;
    }

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        EnterBuildingRequirement requirement)
    {
        HttpContext httpContext = _httpContextAccessor.HttpContext; // Access context here

        // ClaimTypes.BadgeId comes from the referenced sample, not from System.Security.Claims
        if (context.User.HasClaim(c => c.Type == ClaimTypes.BadgeId &&
                                       c.Issuer == "http://microsoftsecurity"))
        {
            context.Succeed(requirement);
        }

        // Every path must return a Task; the requirement stays unmet unless Succeed was called
        return Task.CompletedTask;
    }
}

You may need to register this in your DI setup (if one of your dependencies has not already done so), as follows:

services.AddHttpContextAccessor();


Jam*_*esT 6

You can inject an IHttpContextAccessor into your AuthorizationHandler's constructor.

For example:

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement>
{
    private readonly IHttpContextAccessor _contextAccessor;

    public MyAuthorizationHandler(IHttpContextAccessor contextAccessor)
    {
        _contextAccessor = contextAccessor;
    }

    // The requirement parameter type must match the handler's type argument
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        MyRequirement requirement)
    {
        var httpContext = _contextAccessor.HttpContext;
        // do things

        return Task.CompletedTask;
    }
}


Par*_*a99 5

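This is from the Microsoft docs (for ASP.NET Core 6):

The HandleRequirementAsync method has two parameters: an AuthorizationHandlerContext and the TRequirement being handled. Frameworks such as MVC or SignalR are free to add any object to the Resource property on the AuthorizationHandlerContext to pass extra information.

When using endpoint routing, authorization is typically handled by the Authorization Middleware. In this case, the Resource property is an instance of HttpContext. The context can be used to access the current endpoint, which can be used to probe the underlying resource to which you're routing. For example: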

if (context.Resource is HttpContext httpContext) {
    var endpoint = httpContext.GetEndpoint();
    var actionDescriptor = endpoint.Metadata.GetMetadata<ControllerActionDescriptor>();
    ... 
}

As others have mentioned, injecting IHttpContextAccessor is another way to access the HttpContext.
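
The two approaches from the answers above combined into one handler that checks a route parameter, as the question asks. This is an added example, not code from any of the answers or from the Microsoft docs; `SameTenantRequirement`, `SameTenantHandler`, the route parameter `tenantId` and the claim type `tenant_id` are hypothetical names.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

// Hypothetical requirement: the caller may only act on their own tenant.
public class SameTenantRequirement : IAuthorizationRequirement { }

// Registration (in ConfigureServices):
//   services.AddHttpContextAccessor();
//   services.AddSingleton<IAuthorizationHandler, SameTenantHandler>();
public class SameTenantHandler : AuthorizationHandler<SameTenantRequirement>
{
    private readonly IHttpContextAccessor _accessor;

    public SameTenantHandler(IHttpContextAccessor accessor) => _accessor = accessor;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, SameTenantRequirement requirement)
    {
        // With endpoint routing the Resource is the HttpContext; otherwise use the accessor.
        HttpContext httpContext = context.Resource as HttpContext ?? _accessor.HttpContext;
        if (httpContext == null)
        {
            return Task.CompletedTask; // no request context: leave the requirement unmet
        }

        // The route value is client-controlled input; the claim comes from the
        // authenticated identity. Only the claim is trusted.
        string routeTenant = httpContext.GetRouteValue("tenantId")?.ToString();
        string claimTenant = context.User.FindFirst("tenant_id")?.Value;

        if (!string.IsNullOrEmpty(routeTenant) &&
            string.Equals(routeTenant, claimTenant, StringComparison.Ordinal))
        {
            context.Succeed(requirement);
        }

        // Succeed is called only on an exact match, so a missing route value
        // or a missing claim leaves the requirement unmet.
        return Task.CompletedTask;
    }
}
```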