按照这里的文档，我尝试实现基于策略的授权方案： http://docs.asp.net/en/latest/security/authorization/policies.html#security-authorization-handler-example
我遇到的问题是：我的自定义 AuthorizationHandler 的 Handle 方法没有被调用（其中的异常从未抛出）。另外，依赖项确实已通过构造函数注入。
这是AuthorizationHandler代码.
using WebAPIApplication.Services;
using Microsoft.AspNet.Authorization;
namespace WebAPIApplication.Auth
{
/// <summary>
/// Authorization handler for <see cref="TokenRequirement"/>.
/// In its current form it is a reachability probe: <c>Handle</c> throws
/// unconditionally and never marks the requirement as satisfied.
/// </summary>
/// <remarks>
/// The class also lists <c>IAuthorizationRequirement</c> in its base list, although
/// the policy is built from <see cref="TokenRequirement"/>; nothing in this class
/// uses the handler as a requirement.
/// </remarks>
public class TokenAuthHandler : AuthorizationHandler<TokenRequirement>, IAuthorizationRequirement
{
    // Service supplied by the DI container. It is stored here but not yet
    // consulted by Handle.
    private readonly IAuthService _authService;

    /// <summary>Creates the handler with the auth service resolved from DI.</summary>
    /// <param name="authService">Service stored for later use by the handler.</param>
    public TokenAuthHandler(IAuthService authService)
    {
        this._authService = authService;
    }

    /// <summary>
    /// Invoked by the authorization service for a <see cref="TokenRequirement"/>.
    /// </summary>
    /// <param name="context">The authorization context for the current evaluation.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <exception cref="Exception">Always thrown, to show that the method was reached.</exception>
    protected override void Handle(AuthorizationContext context, TokenRequirement requirement)
    {
        // Debugging probe only: an exception here surfaces as a server error rather
        // than an authorization decision. A real handler would call
        // context.Succeed(requirement) only after the token has been validated, and
        // otherwise return without succeeding so the policy fails closed.
        throw new Exception("Handle Reached");
    }
}
/// <summary>
/// Marker requirement for the "ValidToken" policy. It carries no data; the
/// decision is left to whichever handler is registered for this requirement type.
/// </summary>
public class TokenRequirement : IAuthorizationRequirement
{
    // No explicit constructor: the compiler-provided public parameterless
    // constructor is what `new TokenRequirement()` uses.
}
}
在启动我有
// Authorization
// Register the handler so the authorization service can resolve it when a policy
// containing TokenRequirement is evaluated.
// NOTE(review): a singleton handler keeps its injected IAuthService for the life
// of the application. Confirm IAuthService is registered with a compatible
// lifetime and holds no per-request state.
services.AddSingleton<IAuthorizationHandler, TokenAuthHandler>();

services.AddAuthorization(authorizationOptions =>
{
    // "ValidToken" is the name that [Authorize(Policy="ValidToken")] refers to on
    // the controller action. The policy consists of the single TokenRequirement.
    authorizationOptions.AddPolicy(
        "ValidToken",
        policyBuilder =>
        {
            policyBuilder.Requirements.Add(new TokenRequirement());
        });
});
控制器方法是
// GET: api/values
[HttpGet, Authorize(Policy="ValidToken")]
public string Get()
{
return …Run Code Online (Sandbox Code Playgroud)