本文介绍了如何从AuthorizationHandler .NET Core获取参数的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在使用授权处理程序将自定义授权放入.net核心的控制器中.如何从控制器获取参数并将其用于授权处理程序?

I am using an authorization handler to put custom authorization in my controller in .net core. How can I get the parameters from the controller and use it to the authorization handler?

在旧的.NET中,我可以像这样从HttpContext请求参数中获取参数:

In the old .NET I can get the parameters from HttpContext request param like this:

var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];

我不确定如何在.net核心中实现它

I am not sure how can I achieved it in .net core

public class HasAdminRoleFromAnySiteRequirement : AuthorizationHandler<HasAdminRoleFromAnySiteRequirement>, IAuthorizationRequirement
{
    public HasAdminRoleFromAnySiteRequirement()
    {

    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        HasAdminRoleFromAnySiteRequirement requirement)
    {   

    //need to call get param from controller to used in the validation
    // something like this 
    //var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
   // I tried the suggestion below but I can't get the parameter from routedata
   // var mvcContext = context.Resource as     Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;            

        return Task.FromResult(0);
    }
}

推荐答案

在您的处理程序中,您可以执行以下操作

In your handler you can do the following

var mvcContext = context.Resource as 
    Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;

if (mvcContext != null)
{
    // Examine MVC specific things like routing data.
}

如果需要参数值,则在绑定发生之前运行authorize属性.取而代之的是,您将转到控制器内部的命令式调用.这基本上是基于资源的授权,您的参数是资源.

If you want parameter values then the authorize attribute pieces run before binding has taking place. Instead you would move to an imperative call, inside your controller. This is basically resource based authorization, your parameter is a resource.

您会将授权服务注入您的控制器中

You would inject the authorization service into your controller;

public class DocumentController : Controller
{
    IAuthorizationService _authorizationService;

    public DocumentController(IAuthorizationService authorizationService)
    {
        _authorizationService = authorizationService;
    }
}

然后以稍微不同的方式编写您的处理程序;

Then write your handler slightly differently;

public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement, Document>
{
    public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                MyRequirement requirement,
                                                Document resource)
    {
        // Validate the requirement against the resource and identity.

        return Task.CompletedTask;
    }
}

您可以看到此处理程序获取了一个文档,可以是您喜欢的任何内容,可以是ID的整数,也可以是某种类型的视图模型.

You can see this handler takes a document, this can be whatever you like, be it an integer for an ID, or some type of view model.

然后,您可以在HandleRequirementAsync()方法中访问它.

Then you have access to it inside your HandleRequirementAsync() method.

最后,一旦绑定完成,您就可以在控制器中调用它;

Finally, you'd call it from within your controller, once binding has taken place;

if (await authorizationService.AuthorizeAsync(
    User, 
    document,     
    yourRequirement))
{
}

这篇关于如何从AuthorizationHandler .NET Core获取参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-30 03:29