Problem description
Here is an example controller to explain the case:
    [Authorize]
    public class AccountController : ControllerBase
    {
        // Both attributes on MethodA, as described in the question
        [AllowAnonymous]
        [Authorize(Policy = "SpecificPolicy")]
        public string MethodA() => "A";

        public string MethodB() => "B";
    }
- MethodA should only be authorized via "SpecificPolicy".
- MethodB should be authorized via the Authorize attribute.
The issue I'm having is that if I remove the AllowAnonymous attribute, then Authorize on the controller takes precedence, which I don't want for MethodA.
When I keep AllowAnonymous for MethodA, then Authorize(Policy = "SpecificPolicy") is ignored.
Recommended answer
[AllowAnonymous] bypasses all other authorization attributes. When you have it with other authorize attributes at the same time, all other attributes are ignored, even if the other attributes are at the more specific method level.
For example:
    [AllowAnonymous]
    public class DashboardController : Controller
    {
        [Authorize]
        public IActionResult Index()
        {
            return View();
        }
    }
/dashboard will be open/public.
When you have multiple authorize attributes, all of them need to be satisfied before you can make the call to the method. In your case, both [Authorize] and [Authorize(Policy = "SpecificPolicy")] must pass before access is granted.
If you don't want [Authorize] to take precedence, you can apply it only to MethodB:
    public class AccountController : ControllerBase
    {
        [Authorize(Policy = "SpecificPolicy")]
        public string MethodA() => "A";

        [Authorize]
        public string MethodB() => "B";
    }
Then this might be a good time for you to separate MethodA into Areas.
For example:
You still have [Authorize] on your AccountController, but just take out MethodA:
    [Authorize]
    public class AccountController : ControllerBase
    {
        public string MethodB() => "B";
    }
Then you create an Area for MethodA:
    [Area("specific")]
    [Authorize(Policy = "SpecificPolicy")]
    public abstract class SpecificControllerBase : ControllerBase
    { }

    // Must live in a different namespace than the AccountController above
    public class AccountController : SpecificControllerBase
    {
        public string MethodA() => "A";
    }
Lastly, you need to register the area route in your Startup.cs:
    app.UseMvc(routes =>
    {
        // ...
        routes.MapRoute(
            name: "areaRoute",
            template: "{area:exists}/{controller=dashboard}/{action=index}/{id?}");
        routes.MapRoute(
            name: "default",
            template: "{controller=home}/{action=index}/{id?}");
    });
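
An added example, not part of the original answer and not ASP.NET Core's own code: a reflection check that lists every action where [AllowAnonymous] silently cancels an [Authorize] attribute, which is the situation described in the question and at the start of the answer. AuthorizeAudit, FindIgnoredAuthorize and the Sample* controllers are hypothetical names constructed for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
public static class AuthorizeAudit   // hypothetical helper, not a framework API
{
    // One finding per action whose [Authorize] attributes (its own or the controller's)
    // are cancelled by [AllowAnonymous]. Only actions declared on the type itself are inspected.
    public static List<string> FindIgnoredAuthorize(Assembly assembly)
    {
        var findings = new List<string>();
        foreach (var controller in assembly.GetTypes().Where(t =>
                     t.IsClass && !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t)))
        {
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true));
            foreach (var action in actions)
            {
                bool anonymous = controller.IsDefined(typeof(AllowAnonymousAttribute), true)
                              || action.IsDefined(typeof(AllowAnonymousAttribute), true);
                var policies = controller.GetCustomAttributes<AuthorizeAttribute>(true)
                    .Concat(action.GetCustomAttributes<AuthorizeAttribute>(true))
                    .Select(a => a.Policy ?? "default policy").ToList();
                if (anonymous && policies.Count > 0)
                    findings.Add($"{controller.Name}.{action.Name}: [AllowAnonymous] overrides "
                                 + string.Join(", ", policies));
            }
        }
        return findings;
    }
}

// Constructed sample controllers mirroring the two cases on this page.
[Authorize]
public class SampleAccountController : ControllerBase
{
    [AllowAnonymous]
    [Authorize(Policy = "SpecificPolicy")]
    public string MethodA() => "A";
    public string MethodB() => "B";
}
[AllowAnonymous]
public class SampleDashboardController : ControllerBase
{
    [Authorize]
    public string Index() => "index";
}
```

Called from a unit test against the web project's assembly, for example AuthorizeAudit.FindIgnoredAuthorize(typeof(Startup).Assembly), the check can fail the build whenever the returned list is not empty.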