1. 建立 .NET Core MVC 项目。

2. 在 Startup.cs 中添加服务(services.* 的注册写在 ConfigureServices 中,app.UseAuthentication() 写在 Configure 中)

 // Authorization: register the URL/role permission table behind the named policy.
 services.AddAuthorization(options =>
 {
     // Each entry pairs a request path with the role name allowed to use it.
     // Url must begin with '/'.
     var requirements = new List<MyPermission>
     {
         new MyPermission() { Url = "/", Name = "admin" },
         new MyPermission() { Url = "/home/index", Name = "admin" },
         new MyPermission() { Url = "/default", Name = "root" },
     };

     // The policy name is a plain string key; presumably it has to match the name used
     // wherever the policy is applied (not shown here) — verify the spelling there.
     options.AddPolicy("qgbplicy", builder =>
     {
         var permissionRequirement = new PermissionRequirement("/denied", requirements, ClaimTypes.Role);
         builder.Requirements.Add(permissionRequirement);
     });
 });

 // Authentication: cookie scheme as the default, with the login and access-denied pages.
 services
     .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
     .AddCookie(cookieOptions =>
     {
         cookieOptions.AccessDeniedPath = "/home/Denied";
         cookieOptions.LoginPath = "/home/Login";
     });

 // Handler that evaluates PermissionRequirement for each request.
 services.AddSingleton<IAuthorizationHandler, PermissionHandler>();

 // Pipeline step that populates HttpContext.User from the cookie.
 // NOTE(review): this call uses `app`, so it presumably lives in Configure rather than
 // ConfigureServices, and must run before the MVC middleware — confirm placement.
 app.UseAuthentication();

3.登录的controller:

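  /// <summary>
  /// Signs the caller in with the cookie scheme and redirects to the originally requested page.
  /// </summary>
  /// <param name="userName">Submitted user name (not used by this sample, see note below).</param>
  /// <param name="password">Submitted password (not used by this sample, see note below).</param>
  /// <param name="returnUrl">Optional page to return to; only local URLs are honoured.</param>
  /// <returns>A redirect to <paramref name="returnUrl"/> when it is local, otherwise to Home/Index.</returns>
  [AllowAnonymous]
  [HttpPost]
  public async Task<IActionResult> Login(string userName, string password, string returnUrl = null)
  {
      // NOTE(review): userName and password are never verified and the identity below is
      // hard-coded, so every POST to this action is signed in as "gsw" with the admin role.
      // This is demo scaffolding only: validate the credentials against the user store and
      // build the claims from the verified account before calling SignInAsync.
      // NOTE(review): consider [ValidateAntiForgeryToken] on this POST action.

      // User identity bound to the cookie authentication scheme.
      var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
      // For a role-based authorization policy the user name claim is added here.
      identity.AddClaim(new Claim(ClaimTypes.Name, "gsw"));
      // For a role-based authorization policy the role claim is added here.
      identity.AddClaim(new Claim(ClaimTypes.Role, "admin"));
      await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, new ClaimsPrincipal(identity));

      if (returnUrl == null)
      {
          returnUrl = TempData["returnUrl"]?.ToString();
      }

      // returnUrl is caller-controlled (query/form/TempData). Redirecting to it unchecked is an
      // open redirect, so only local URLs are followed; anything else falls back to the home page.
      if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
      {
          return LocalRedirect(returnUrl);
      }

      return RedirectToAction(nameof(HomeController.Index), "Home");
  }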

4.创建 PermissionHandler 类

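    /// <summary>
    /// Authorization handler that checks the requested path against the URL/role table
    /// carried by <see cref="PermissionRequirement"/>.
    /// </summary>
    /// <remarks>
    /// The requirement succeeds when the request path has no entry in the table (any
    /// authenticated user may proceed), or when one of the entries for that path names a value
    /// the user holds in a claim of type <c>requirement.ClaimType</c>.
    /// NOTE(review): unlisted paths are allowed and matching is an exact, case-insensitive
    /// string comparison, so the table must list every route form that reaches a protected
    /// action. A deny-by-default table is the safer design.
    /// </remarks>
    public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
    {
        /// <summary>Evaluates <paramref name="requirement"/> for the current request.</summary>
        /// <param name="context">Authorization context; its Resource is expected to be an MVC AuthorizationFilterContext.</param>
        /// <param name="requirement">Permission table, claim type to compare and the denied-page URL.</param>
        /// <returns>A completed task; the outcome is reported through <paramref name="context"/>.</returns>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
        {
            // Obtain the HttpContext from the authorization resource to read the request.
            // If the resource is some other type the requirement is left unmet (fail closed)
            // instead of dereferencing a null cast result.
            var filterContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
            if (filterContext == null)
            {
                return Task.CompletedTask;
            }

            var httpContext = filterContext.HttpContext;

            // Unauthenticated callers never satisfy the requirement.
            var identity = httpContext.User?.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                return Task.CompletedTask;
            }

            // Ordinal, case-insensitive comparison avoids culture-dependent ToLower() results.
            var requestPath = httpContext.Request.Path.Value ?? string.Empty;
            var rulesForPath = requirement.Permissions
                .Where(p => string.Equals(p.Url, requestPath, System.StringComparison.OrdinalIgnoreCase))
                .ToList();

            if (rulesForPath.Count == 0)
            {
                // Path is not in the permission table: allowed for any authenticated user.
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // A user may carry zero or several claims of the configured type; collect them all
            // rather than assuming exactly one.
            var claimValues = httpContext.User.Claims
                .Where(c => c.Type == requirement.ClaimType)
                .Select(c => c.Value)
                .ToList();

            // The claim value must match an entry for THIS path. Matching against the whole
            // table would let a role listed for one URL open every other listed URL.
            if (rulesForPath.Any(p => claimValues.Contains(p.Name)))
            {
                context.Succeed(requirement);
            }
            else
            {
                // No permission: send the caller to the denied page. The requirement is left
                // unmet, so authorization still fails.
                httpContext.Response.Redirect(requirement.DeniedAction);
            }

            return Task.CompletedTask;
        }
    }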
