我正在处理需求,其中我检查了我们的请求标头是否包含授权标头,并基于该要求调用另一个服务器并返回 403。目前我已经通过创建自定义 ActionAttribute 来完成它,如下所示:
public class ValidateAuthHeaderAttribute: ActionFilterAttribute
{
private readonly ILogger<ValidateAuthHeaderAttribute> _logger;
public ValidateAuthHeaderAttribute(ILogger<ValidateAuthHeaderAttribute> logger)
{
_logger = logger;
}
public override void OnActionExecuting(ActionExecutingContext context)
{
var httpContext = context.HttpContext;
if (httpContext.Request.Headers.ContainsKey("Authorization"))
{
return;
}
var failureResponse = new FailureResponseModel
{
Result = false,
ResultDetails = "Authorization header not present in request",
Uri = httpContext.Request.Path.ToUriComponent(),
Timestamp = DateTime.Now.ToString("s", CultureInfo.InvariantCulture),
Error = new Error
{
Code = 108,
Description = "Authorization header not present in request",
Resolve = "Send Request with authorization header to avoid this error."
}
};
var responseString = JsonConvert.SerializeObject(failureResponse);
context.Result = new ContentResult
{
Content = responseString,
ContentType = "application/json",
StatusCode = 403
};
}
}
我在这样的控制器/方法中使用了这个自定义属性。
[TypeFilter(typeof(ValidateAuthHeaderAttribute))]
现在这工作正常,但我正在阅读 .Net Core doc 中关于基于策略的授权。因此,现在建议使用策略。我认为可以将我的代码移植到自定义策略。
IMO,我建议您继续使用ValidateAuthHeaderAttribute它更容易。
如果您坚持政策,请按照以下步骤操作:
要求
public class AuthorizationHeaderRequirement: IAuthorizationRequirement
{
}
public class AuthorizationHeaderHandler : AuthorizationHandler<AuthorizationHeaderRequirement>
{
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationHeaderRequirement requirement)
{
// Requires the following import:
// using Microsoft.AspNetCore.Mvc.Filters;
if (context.Resource is AuthorizationFilterContext mvcContext)
{
// Examine MVC-specific things like routing data.
var httpContext = mvcContext.HttpContext;
if (httpContext.Request.Headers.ContainsKey("Authorization"))
{
context.Succeed(requirement);
return;
}
var failureResponse = new FailureResponseModel
{
Result = false,
ResultDetails = "Authorization header not present in request",
Uri = httpContext.Request.Path.ToUriComponent(),
Timestamp = DateTime.Now.ToString("s", CultureInfo.InvariantCulture),
Error = new Error
{
Code = 108,
Description = "Authorization header not present in request",
Resolve = "Send Request with authorization header to avoid this error."
}
};
var responseString = JsonConvert.SerializeObject(failureResponse);
mvcContext.Result = new ContentResult
{
Content = responseString,
ContentType = "application/json",
StatusCode = 403
};
await mvcContext.Result.ExecuteResultAsync(mvcContext);
}
return;
}
}
配置 Startup.cs
services.AddAuthorization(options =>
{
options.AddPolicy("AuthorizationHeaderRequirement", policy =>
policy.Requirements.Add(new AuthorizationHeaderRequirement()));
});
services.AddSingleton<IAuthorizationHandler, AuthorizationHeaderHandler>();
控制器
[Authorize(Policy = "AuthorizationHeaderRequirement")]
public IActionResult Privacy()
{
return View();
}
| 归档时间: |
|
| 查看次数: |
678 次 |
| 最近记录: |