Ada*_*ton 2 asp.net-authorization .net-core asp.net-core
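I am trying to find out whether there is a simple way to have ASP.NET Core log which `[Authorize]` attribute failed. I have a mix of "Roles" and "Policy" authorization attributes, but whenever one of them fails, the log just shows:
Obviously, this is the correct behaviour, and it does not let someone in with incorrect permissions, but if you have multiple attributes it is a bit of a pain to have to go and work out which one failed. If the log simply showed `Authorization failed for Policy X`, it would be easy to find what is failing.
Does anyone know whether this is currently possible through some option I am not aware of?
EDIT: For example: if I have `[Authorize(Policy = "Policy 1")]` and `[Authorize(Policy = "Policy 2")]` and only "Policy 2" fails, I would like to see something telling me that "Policy 2" failed.
EDIT: For anyone still running into this, it has now been implemented by Microsoft and is part of .NET 5.0; see the issue https://github.com/aspnet/AspNetCore/issues/7789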
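For `Roles` and `Policy`, they are translated into requirements such as `RolesAuthorizationRequirement`, or custom requirements such as `MinimumAgeRequirement`.
For `Authorization failed.`, this is logged by `DefaultAuthorizationService` in `AuthorizeAsync`; you may not be able to get the exact names such as `Policy 1` and `Policy 2`. You can get the requirements of the `Policy`.
Try checking whether the following workaround meets your requirement.
Implement a custom `DefaultAuthorizationService`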
```csharp
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
using Newtonsoft.Json;

// IAuthorizationService is listed again so that calls made through the interface
// are dispatched to the AuthorizeAsync overload declared in this class.
public class CustomAuthorizationService : DefaultAuthorizationService, IAuthorizationService
{
    private readonly AuthorizationOptions _options;
    private readonly IAuthorizationHandlerContextFactory _contextFactory;
    private readonly IAuthorizationHandlerProvider _handlers;
    private readonly IAuthorizationEvaluator _evaluator;
    private readonly IAuthorizationPolicyProvider _policyProvider;
    private readonly ILogger _logger;

    public CustomAuthorizationService(IAuthorizationPolicyProvider policyProvider
        , IAuthorizationHandlerProvider handlers
        , ILogger<DefaultAuthorizationService> logger
        , IAuthorizationHandlerContextFactory contextFactory
        , IAuthorizationEvaluator evaluator
        , IOptions<AuthorizationOptions> options)
        : base(policyProvider, handlers, logger, contextFactory, evaluator, options)
    {
        _options = options.Value;
        _handlers = handlers;
        _policyProvider = policyProvider;
        _logger = logger;
        _evaluator = evaluator;
        _contextFactory = contextFactory;
    }

    public new async Task<AuthorizationResult> AuthorizeAsync(ClaimsPrincipal user, object resource, IEnumerable<IAuthorizationRequirement> requirements)
    {
        if (requirements == null)
        {
            throw new ArgumentNullException(nameof(requirements));
        }

        // Same flow as the built-in service: run every handler, then evaluate the context.
        var authContext = _contextFactory.CreateContext(requirements, user, resource);
        var handlers = await _handlers.GetHandlersAsync(authContext);
        foreach (var handler in handlers)
        {
            await handler.HandleAsync(authContext);
            if (!_options.InvokeHandlersAfterFailure && authContext.HasFailed)
            {
                break;
            }
        }

        var result = _evaluator.Evaluate(authContext);
        if (result.Succeeded)
        {
            // Message templates keep the serialized requirements as a structured log value.
            _logger.LogInformation("Authorization is succeeded for {Requirements}", JsonConvert.SerializeObject(requirements));
            //_logger.UserAuthorizationSucceeded();
        }
        else
        {
            // FailedRequirements is empty when a handler called context.Fail() explicitly.
            //var r = result.Failure.FailedRequirements.Select(requirement => new { Requirement = requirement.GetType() });
            var json = JsonConvert.SerializeObject(result.Failure.FailedRequirements);
            _logger.LogInformation("Authorization is failed for {FailedRequirements}", json);
            //_logger.UserAuthorizationFailed();
        }
        return result;
    }
}
```
Replace the built-in `DefaultAuthorizationService`
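```csharp
// In ConfigureServices. Replace() requires:
// using Microsoft.Extensions.DependencyInjection.Extensions;
services.AddAuthorization(config =>
{
    config.AddPolicy("T1", policy => policy.AddRequirements(new MinimumAgeRequirement(21)));
});

// Swap the default IAuthorizationService registration for the custom one.
services.Replace(ServiceDescriptor.Transient<IAuthorizationService, CustomAuthorizationService>());
```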
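An added example, not part of the original answer or of ASP.NET Core itself: one way to map the failed requirements collected by the workaround above back to policy names for the log line. It assumes the default policy provider, so that the requirement instances evaluated for a request are the same objects registered through `AddPolicy`, and that the application supplies its own list of policy names; `FailedPolicyResolver` and `Demo` are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;

public static class FailedPolicyResolver
{
    // policyNames: names the application passed to AddPolicy (assumption: the app
    // keeps this list itself, because AuthorizationOptions does not enumerate them).
    public static IReadOnlyList<string> Resolve(
        AuthorizationOptions options,
        IEnumerable<string> policyNames,
        AuthorizationFailure failure)
    {
        var failed = failure.FailedRequirements.ToList();

        // A policy is reported when one of its own requirement instances is in the
        // failed set. Reference comparison avoids relying on Equals overrides.
        return policyNames
            .Where(name => options.GetPolicy(name) is { } policy &&
                           policy.Requirements.Any(r => failed.Any(f => ReferenceEquals(f, r))))
            .ToList();
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample policies, using the names from the question.
        var options = new AuthorizationOptions();
        options.AddPolicy("Policy 1", p => p.RequireClaim("department"));
        options.AddPolicy("Policy 2", p => p.RequireRole("Admin"));

        // Constructed failure: only the requirement belonging to "Policy 2" failed.
        var failure = AuthorizationFailure.Failed(options.GetPolicy("Policy 2").Requirements);

        var names = FailedPolicyResolver.Resolve(
            options, new[] { "Policy 1", "Policy 2" }, failure);

        Console.WriteLine("Authorization failed for: " + string.Join(", ", names));
    }
}
```

Requirements created from `[Authorize(Roles = "...")]` belong to no named policy, so they resolve to no name here and are best logged by requirement type instead.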