我对 asp.net 还很陌生,这是我的第一个 stackoverflow 问题,所以请对我宽容一点。
我有两个针对两种不同资源的授权处理程序。对给定资源的访问有时取决于对其他资源的访问。为了良好的编码实践(即不要将相同的代码复制到两个处理程序)并且因为授权逻辑将来(可能经常)会发生变化,我只想从处理程序内调用资源的授权。
天真地,我只是尝试将 AuthorizationService 注入到处理程序中,但由于循环依赖,在启动时出现了异常。
public class AttachmentAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, Attachment>
{
private readonly UserManager<User> _userManager;
private readonly ApplicationDbContext _dbcontext;
private readonly IAuthorizationService _authorizationService;
public AttachmentAuthorizationHandler(ApplicationDbContext dbcontext,
UserManager<User> userManager,
IAuthorizationService authorizationService)
{
_dbcontext = dbcontext;
_userManager = userManager;
_authorizationService = authorizationService;
}
...
other authorization logic
...
if(_authorizationService.AuthorizeAsync(context.User, ticket, TicketOperations.Read).Result.Succeeded)
{
context.Succeed(req);
return Task.CompletedTask;
}
A circular dependency was detected for the service of type 'Microsoft.AspNetCore.Authorization.IAuthorizationService'.
Microsoft.AspNetCore.Authorization.IAuthorizationService(Microsoft.AspNetCore.Authorization.DefaultAuthorizationService) ->
Microsoft.AspNetCore.Authorization.IAuthorizationHandlerProvider(Microsoft.AspNetCore.Authorization.DefaultAuthorizationHandlerProvider) ->
System.Collections.Generic.IEnumerable<Microsoft.AspNetCore.Authorization.IAuthorizationHandler> ->
Microsoft.AspNetCore.Authorization.IAuthorizationHandler(Ticketsystem.Authorization.Attachments.AttachmentAuthorizationHandler) ->
Microsoft.AspNetCore.Authorization.IAuthorizationService
关于如何解决这个问题的建议?
小智 0
我最终直接从 HttpContext 解析 IAuthorizationService。
从上下文解析 IAuthorizationService:
var a = httpContextAccessor.HttpContext.RequestServices.GetRequiredService<IAuthorizationService>();
并将其用作:
var isAuthorized = await a.AuthorizeAsync(httpContextAccessor.HttpContext.User, Permission.RunReports);
| 归档时间: |
|
| 查看次数: |
1513 次 |
| 最近记录: |