如何从 AuthorizationHandler .NET Core 获取参数

本文介绍了如何从 AuthorizationHandler .NET Core 获取参数的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在使用授权处理程序将自定义授权放入我的 .net 核心控制器中.如何从控制器获取参数并将其用于授权处理程序?

I am using an authorization handler to put custom authorization in my controller in .net core. How can I get the parameters from the controller and use it to the authorization handler?

在旧的 .NET 中，我可以像这样从 HttpContext 请求参数中获取参数:

In the old .NET I can get the parameters from HttpContext request param like this:

var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];

我不确定如何在 .net core 中实现它

I am not sure how can I achieved it in .net core

public class HasAdminRoleFromAnySiteRequirement : AuthorizationHandler<HasAdminRoleFromAnySiteRequirement>, IAuthorizationRequirement
{
    public HasAdminRoleFromAnySiteRequirement()
    {

    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        HasAdminRoleFromAnySiteRequirement requirement)
    {   

    //need to call get param from controller to used in the validation
    // something like this 
    //var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
   // I tried the suggestion below but I can't get the parameter from routedata
   // var mvcContext = context.Resource as     Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;            

        return Task.FromResult(0);
    }
}

推荐答案

在您的处理程序中，您可以执行以下操作

In your handler you can do the following

var mvcContext = context.Resource as 
    Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;

if (mvcContext != null)
{
    // Examine MVC specific things like routing data.
}

如果您想要参数值，那么授权属性片段会在绑定发生之前运行.相反，您将转到控制器内部的命令式调用.这基本上是基于资源的授权，您的参数是一个资源.

If you want parameter values then the authorize attribute pieces run before binding has taking place. Instead you would move to an imperative call, inside your controller. This is basically resource based authorization, your parameter is a resource.

您将授权服务注入您的控制器；

You would inject the authorization service into your controller;

public class DocumentController : Controller
{
    IAuthorizationService _authorizationService;

    public DocumentController(IAuthorizationService authorizationService)
    {
        _authorizationService = authorizationService;
    }
}

然后稍微不同地编写您的处理程序；

Then write your handler slightly differently;

public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement, Document>
{
    public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                MyRequirement requirement,
                                                Document resource)
    {
        // Validate the requirement against the resource and identity.

        return Task.CompletedTask;
    }
}

你可以看到这个处理程序接受一个文档，它可以是任何你喜欢的，可以是一个 ID 的整数，或者某种类型的视图模型.

You can see this handler takes a document, this can be whatever you like, be it an integer for an ID, or some type of view model.

然后您可以在 HandleRequirementAsync() 方法中访问它.

Then you have access to it inside your HandleRequirementAsync() method.

最后，一旦绑定发生，您将在控制器中调用它；

Finally, you'd call it from within your controller, once binding has taken place;

if (await authorizationService.AuthorizeAsync(
    User, 
    document,     
    yourRequirement))
{
}

这篇关于如何从 AuthorizationHandler .NET Core 获取参数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！