Jus*_*son 5 c# claims-based-identity asp.net-authorization asp.net-identity asp.net-core-3.1
我有一个在系统中执行某些操作所需的声明列表。我有一个策略列表来验证这些声明是否存在以执行某些操作。这一切都按预期进行。
我想做的是,如果另一个索赔具有一定的价值,则忽略对这些索赔的检查。例如,我有以下政策:
options.AddPolicy("AdjustmentFundAdmin", policy => {
policy.RequireClaim("AdjustmentFundAdmin");
});
options.AddPolicy("ManifestApprover", policy => {
policy.RequireClaim("ManifestApprover");
});
options.AddPolicy("InvoiceProcessor", policy => {
policy.RequireClaim("InvoiceProcessor");
});
但我想做的是,如果存在声明/值:policy.RequireClaim(“manna_tms_userlevel”,“magician”),则忽略策略中的这些声明检查。
我尝试添加多个,但这似乎只需要两者而不是其中之一。
options.AddPolicy("AdjustmentFundAdmin", policy => {
policy.RequireClaim("AdjustmentFundAdmin");
policy.RequireClaim("manna_tms_userlevel", "magician");
});
感谢@TonyHopkinson 的帮助!
我能够让它像这样工作:
options.AddPolicy("AdjustmentFundAdmin", policy => {
policy.RequireAssertion(context =>
context.User.HasClaim(c =>
(c.Type == "AdjustmentFundAdmin" ||
(c.Type == "manna_tms_userlevel" &&
c.Value == "magician"))));
});