Restricting folder access by role in Razor Pages
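I've been searching and searching, but I can't get a straight answer. (Most of the answers I found are out of date.)
It appears I can restrict access to a Razor Page class by using the Authorize attribute on the page class.
[Authorize(Roles = "Admin")]
But, with the current version of Razor Pages, how can I restrict an entire folder or area?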
Authorize the folder by policy name
services.AddRazorPages()
    .AddRazorPagesOptions(ops =>
    {
        // Folder path must be root-relative (start with "/")
        ops.Conventions.AuthorizeFolder("/MyFolder", "RequireAdmins");
    });
Add a role-based policy
services.AddAuthorization(ops =>
{
    ops.AddPolicy("RequireAdmins", policy => policy.RequireRole("Admins"));
});
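Frustratingly, this stuff seems to change with every release. That makes it hard to know whether you are looking at the right documentation.
But this appears to be the approach required for the latest version, and it works for me.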
ConfigureServices()
services.AddAuthorization(options =>
{
    // Create policies
    options.AddPolicy("Staff", p => p.RequireRole(Role.Staff));
    options.AddPolicy("Admin", p => p.RequireRole(Role.Admin));
});
// Set authorizations
services.AddRazorPages(options =>
{
    // Requires staff role for all pages (not including areas)
    options.Conventions.AuthorizeFolder("/", "Staff");
    // Set authorization for areas (looks like no way to do all areas at once)
    options.Conventions.AuthorizeAreaFolder("Admin", "/", "Admin");
    options.Conventions.AuthorizeAreaFolder("Leasing", "/", "Staff");
    options.Conventions.AuthorizeAreaFolder("Repair", "/", "Staff");
    options.Conventions.AuthorizeAreaFolder("Storage", "/", "Staff");
    options.Conventions.AuthorizeAreaFolder("Transloading", "/", "Staff");
    // Anonymous pages
    options.Conventions.AllowAnonymousToPage("/Index");
    options.Conventions.AllowAnonymousToPage("/Error");
});
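Added example (not from either answer, and not the posters' code): a deny-by-default variant of the setup above, using a fallback policy so that pages and areas with no explicit convention still require the Staff role, plus a startup check that logs every page left anonymous. It assumes .NET 6+ minimal hosting, cookie authentication, and the role, area and page names shown.

```csharp
// Added example: role names, area name, page paths and the cookie scheme are assumptions.
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);

// Assumed scheme; swap in the application's real authentication setup.
builder.Services.AddAuthentication("Cookies").AddCookie();

builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("Admin", p => p.RequireRole("Admin"));
    // Deny by default: every endpoint without its own authorization metadata
    // (including areas with no convention below) requires the Staff role.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireRole("Staff")
        .Build();
});

builder.Services.AddRazorPages(options =>
{
    // Stricter policy for one area; everything else falls back to Staff.
    options.Conventions.AuthorizeAreaFolder("Admin", "/", "Admin");
    // Explicit, reviewable list of pages that stay public.
    options.Conventions.AllowAnonymousToPage("/Index");
    options.Conventions.AllowAnonymousToPage("/Error");
});

var app = builder.Build();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.MapRazorPages();

// Startup audit: log each endpoint that carries IAllowAnonymous metadata,
// so an unintended public page shows up in the logs on every deploy.
app.Lifetime.ApplicationStarted.Register(() =>
{
    var endpoints = app.Services.GetRequiredService<EndpointDataSource>().Endpoints;
    foreach (var ep in endpoints.Where(x => x.Metadata.GetMetadata<IAllowAnonymous>() != null))
        app.Logger.LogWarning("Anonymous endpoint: {Endpoint}", ep.DisplayName);
});

app.Run();
```

The fallback policy applies only to endpoints that have no authorization metadata of their own, so the per-area conventions and the AllowAnonymousToPage entries still take precedence.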