Pie*_*aut 5 c# authorization asp.net-core
假设策略SomePolicy包含IAuthorizationRequirement添加的列表,如下所示:
services.AddAuthorization(options =>
{
options.AddPolicy("SomePolicy", policy =>
{
policy.AddRequirements(new FooRequirement());
policy.AddRequirements(new BarRequirement());
policy.AddRequirements(new YetAnotherRequirement());
});
});
在执行策略时,我想知道哪个需求失败并阻止检查其余需求。
查看我可以用 API 做什么,似乎在执行策略后,我唯一能做的就是检索失败的需求列表。
var authorizationResult = _authorizationService.AuthorizeAsync(this.User, ressource, "SomePolicy");
var failedRequirements = authorizationResult.Result.Failure.FailedRequirements
基于策略的方法是否不适合我想要实现的目标?我应该为每个要求创建专门的策略吗?
任何帮助将不胜感激,谢谢!
每个需求都需要context.Succeed(requirement)由处理程序之一调用,并且context.Failed()任何处理程序都不能调用。
InvokeHandlersAfterFailure是一种在调用特定需求后短路处理程序调用的方法context.Failed(),但这在我看来并不是很有用。
我试图通过添加扩展方法来进行短路评估IAuthorizationService:
public static async Task<AuthorizationResult> AuthorizeAnyAsync(this IAuthorizationService service, ClaimsPrincipal user,
object? resource, params IAuthorizationRequirement[] requirements)
{
AuthorizationResult? result = null;
foreach (var requirement in requirements)
{
result = await service.AuthorizeAsync(user, resource, requirement);
if (result.Succeeded || result.Failure.FailCalled)
return result;
}
return result!;
}
| 归档时间: |
|
| 查看次数: |
332 次 |
| 最近记录: |