This article describes how to override the controller-level Authorize attribute for a specific action in .NET Core.

Problem description

Here is an example controller to explain the case

[Authorize]
public class AccountController : ControllerBase
{
    [AllowAnonymous]
    [Authorize(Policy = "SpecificPolicy")]
    public string MethodA() => "A";

    public string MethodB() => "B";
}

  • MethodA should only be authorized via "SpecificPolicy".
  • MethodB should be authorized via the Authorize attribute.
  • The issue I'm having is that if I remove the AllowAnonymous attribute then Authorize on the controller takes precedence, which I don't want for MethodA.

    When I keep AllowAnonymous for MethodA then Authorize(Policy = "SpecificPolicy") is ignored.

    Recommended answer

    [AllowAnonymous] bypasses all other authorization attributes. When you have it with other authorize attributes at the same time, all other attributes are ignored, even if the other attributes are at the more specific method level.

    For example:

    [AllowAnonymous]
    public class DashboardController : Controller
    {
        [Authorize]
        public IActionResult Index()
        {
            return View();
        }
    }
    

    /dashboard will be open/public.

    When you have multiple authorize attributes, all of them need to be satisfied before you can make the call to the method. In your case, both [Authorize] and [Authorize(Policy = "SpecificPolicy")] must pass before access is granted.

    If you don't want [Authorize] to take precedence, you can apply it only to MethodB:

    public class AccountController : ControllerBase
    {
        [Authorize(Policy = "SpecificPolicy")]
        public string MethodA() => "A";
    
        [Authorize]
        public string MethodB() => "B";
    }
    

    Then this might be a good time for you to separate MethodA into Areas.

    For example:

    You still have [Authorize] on your AccountController, but just take out MethodA:

    [Authorize]
    public class AccountController : ControllerBase
    {
        public string MethodB() => "B";
    }
    

    Then you create an Area for MethodA:

    [Area("specific")]
    [Authorize(Policy = "SpecificPolicy")]
    public abstract class SpecificControllerBase : ControllerBase
    { }
    
    // Separate namespace from the AccountController above.
    public class AccountController : SpecificControllerBase
    {
        public string MethodA() => "A";
    }
    

    Lastly, you need to register the area route in your Startup.cs:

    app.UseMvc(routes =>
    {
        // ...
    
        routes.MapRoute(
            name: "areaRoute",
            template: "{area:exists}/{controller=dashboard}/{action=index}/{id?}");
    
        routes.MapRoute(
            name: "default",
            template: "{controller=home}/{action=index}/{id?}");
    });
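
An added example, not part of the original answer or of ASP.NET Core: a reflection-based audit that applies the two rules above ([AllowAnonymous] switches off every [Authorize]; multiple [Authorize] attributes are cumulative) to each controller action in an assembly. `AuthorizeAudit` and `Describe` are hypothetical names, and the check looks at attributes only, ignoring Roles, global filters and fallback policies.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical helper (not part of ASP.NET Core): reports, per action, how the
// controller-level and action-level authorization attributes combine.
public static class AuthorizeAudit
{
    public static IEnumerable<string> Describe(Assembly assembly)
    {
        var controllers = assembly.GetTypes()
            .Where(t => t.IsClass && !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // Only methods declared on the controller itself; actions inherited
            // from a custom base class are out of scope for this example.
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true));

            foreach (var action in actions)
            {
                // Controller-level and action-level [Authorize] are cumulative.
                var required = controller.GetCustomAttributes<AuthorizeAttribute>(true)
                    .Concat(action.GetCustomAttributes<AuthorizeAttribute>(true))
                    .Select(a => a.Policy ?? "(default policy)")
                    .Distinct()
                    .ToList();

                // [AllowAnonymous] at either level switches all of them off.
                bool anonymous = controller.IsDefined(typeof(AllowAnonymousAttribute), true)
                              || action.IsDefined(typeof(AllowAnonymousAttribute), true);

                string name = $"{controller.FullName}.{action.Name}";
                if (anonymous && required.Count > 0)
                    yield return $"WARN {name}: anonymous, ignored: {string.Join(" AND ", required)}";
                else if (anonymous || required.Count == 0)
                    yield return $"OPEN {name}: no attribute-level requirement in effect";
                else
                    yield return $"OK   {name}: requires {string.Join(" AND ", required)}";
            }
        }
    }
}
```

Calling `AuthorizeAudit.Describe(typeof(AccountController).Assembly)` from a unit test and failing on any `WARN` line catches the question's MethodA case, where `SpecificPolicy` is declared but never enforced.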
    

10-15 17:32