如何访问当前的HttpContext以检查ASP.NET Core 2中基于自定义策略的授权的AuthorizationHandlerContext内的路由和参数?
参考示例:基于策略的自定义授权
我正在尝试按照教程实现自定义授权要求。它似乎
context.Resource不再包含AuthorizationFilterContext,因此:
var authFilterContext = context.Resource as AuthorizationFilterContext;
返回null,其余的逻辑失败。我也无法获取查询字符串值,因为它为空。以下是代码:
public class CanEditOnlyOtherAdminRolesAndClaimsHandler :
AuthorizationHandler<ManageAdminRolesAndClaimsRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
ManageAdminRolesAndClaimsRequirement requirement)
{
var authFilterContext = context.Resource as AuthorizationFilterContext;
if (authFilterContext == null)
{
return Task.CompletedTask;
}
string loggedInAdminId =
context.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value;
string adminIdBeingEdited = authFilterContext.HttpContext.Request.Query["userId"];
if (context.User.IsInRole("Admin") &&
context.User.HasClaim(claim => claim.Type == "Edit Role" && claim.Value == "true") &&
adminIdBeingEdited.ToLower() != loggedInAdminId.ToLower())
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
}
我应该如何在 …