Cal*_*leb 3 asp.net-identity blazor blazor-client-side
I'm using a Blazor WebAssembly 3.2-preview3 app with Identity scaffolding, which created the following 3 projects:
    App.Client
    App.Server
    App.Shared
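My IdentityUser implementation is called AppUser, and my ApiAuthorizationDbContext implementation is called AppDb.
I have a role named Admin that is assigned to the administrator, and a policy named RequireAdmin that checks for the Admin role. However, when I try to use AuthorizeView in App.Client and view the page as the administrator, it does not show the link.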
    <AuthorizeView Policy="RequireAdmin">
        <Authorized>
            <a class="nav-link" href="admin">Admin</a>
        </Authorized>
    </AuthorizeView>
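How do I enable roles and policies in a Blazor WebAssembly app?
1. Create roles and policies in App.Shared
Add the Microsoft.AspNetCore.Authorization package to the App.Shared project.
Add the following 2 classes to the App.Shared project to define the roles and policies that the client and server will use.
Shared/RoleTypes.cs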
    namespace App.Shared
    {
        public static class RoleTypes
        {
            public const string Admin = "Admin";
        }
    }
Shared/PolicyTypes.cs
    using Microsoft.AspNetCore.Authorization;

    namespace App.Shared
    {
        public static class PolicyTypes
        {
            public const string RequireAdmin = "RequireAdmin";

            public static AuthorizationOptions AddAppPolicies(this AuthorizationOptions options)
            {
                options.AddPolicy(RequireAdmin, policy =>
                    policy.RequireRole(RoleTypes.Admin));
                return options;
            }
        }
    }
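2. Configure services in App.Server
Modify the Startup.cs file in the App.Server project to add your policies by calling the extension method just defined in App.Shared.
Also modify it to include the role claim in the openid scope.
Server/Startup.cs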
    using App.Shared;
    ...
    namespace App.Server
    {
        public class Startup
        {
            ...
            public void ConfigureServices(IServiceCollection services)
            {
                ...
                services.AddDefaultIdentity<AppUser>(options =>
                    {
                        options.SignIn.RequireConfirmedAccount = true;
                    })
                    .AddRoles<IdentityRole>()
                    .AddEntityFrameworkStores<AppDb>();

                services.AddIdentityServer()
                    .AddApiAuthorization<AppUser, AppDb>(options =>
                    {
                        // https://github.com/dotnet/AspNetCore.Docs/issues/17649
                        options.IdentityResources["openid"].UserClaims.Add("role");
                        options.ApiResources.Single().UserClaims.Add("role");
                    });

                // Need to do this as it maps "role" to ClaimTypes.Role and causes issues
                JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("role");

                services.AddAuthentication()
                    .AddIdentityServerJwt();

                services.AddAuthorization(options => options.AddAppPolicies());
                ...
            }

            public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
            {
                ...
                app.UseAuthentication();
                app.UseAuthorization();
                app.UseIdentityServer();
                ...
            }
        }
    }
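3. Configure services in App.Client
Modify the Program.cs file in the App.Client project to add your policies by calling the extension method just defined in App.Shared. Also modify AddApiAuthorization to configure the role claim.
Client/Program.cs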
    using App.Client.Services;
    using App.Shared;
    ...
    namespace App.Client
    {
        public class Program
        {
            public static async Task Main(string[] args)
            {
                ...
                builder.Services.AddAuthorizationCore(options => options.AddAppPolicies());

                // 2 calls to AddApiAuthorization are necessary in 3.2-preview3
                // should be fixed in 3.2-preview4
                // https://github.com/dotnet/aspnetcore/issues/19854
                // https://github.com/dotnet/AspNetCore.Docs/issues/17649#issuecomment-612442543
                builder.Services.AddApiAuthorization();
                builder.Services.AddApiAuthorization(options =>
                {
                    options.UserOptions.RoleClaim = "role";
                });
                ...
            }
        }
    }
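Added example (not part of the original answer): a stand-alone console check that shows why the RequireAdmin policy depends on both the server emitting a "role" claim and the client's role claim type being "role", since RequireRole is evaluated through ClaimsPrincipal.IsInRole. The names RoleClaimDiagnostics, Explain and Build are hypothetical, and the claims are constructed sample values.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class RoleClaimDiagnostics
{
    // Explains why RequireRole(role) would pass or fail for this user.
    // RequireRole ends up calling user.IsInRole(role), which only looks at
    // claims whose type equals each identity's RoleClaimType.
    public static string Explain(ClaimsPrincipal user, string role)
    {
        if (user.IsInRole(role))
            return "ok: role found under the identity's RoleClaimType";

        // Claim types a role commonly arrives under: the short JWT name and the long URI.
        var candidates = new[] { "role", ClaimTypes.Role };
        var stray = user.Claims.FirstOrDefault(c =>
            candidates.Contains(c.Type) && c.Value == role);
        if (stray != null)
        {
            var expected = string.Join(", ", user.Identities.Select(i => i.RoleClaimType));
            return $"mismatch: value is in a '{stray.Type}' claim, but RoleClaimType is '{expected}'";
        }
        return "missing: no claim carries this role";
    }

    // Constructed principal; roleClaimType plays the part of UserOptions.RoleClaim.
    static ClaimsPrincipal Build(string roleClaimType, params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, "Constructed", "name", roleClaimType));

    public static void Main()
    {
        var role = new Claim("role", "Admin");              // constructed sample claim
        var name = new Claim("name", "admin@example.com");  // constructed sample claim

        // Server emits "role", but the client still uses the default role claim type.
        Console.WriteLine(Explain(Build(ClaimTypes.Role, name, role), "Admin"));
        // Client configured with RoleClaim = "role", as in Client/Program.cs.
        Console.WriteLine(Explain(Build("role", name, role), "Admin"));
        // Server never added "role" to the openid resource, so the claim is absent.
        Console.WriteLine(Explain(Build("role", name), "Admin"));
    }
}
```

The same Explain call can be pointed at the ClaimsPrincipal taken from the client's AuthenticationState to see which of the three cases a hidden AuthorizeView link falls into.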