如何从 AuthorizationHandler .NET Core 获取参数
How to get params from AuthorizationHandler .NET Core
我正在使用授权处理程序将自定义授权放入我在 .net 核心中的控制器中。如何从控制器获取参数并将其用于授权处理程序?
在旧的 .NET 中,我可以像这样从 HttpContext 请求参数中获取参数:
var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
我不确定如何在 .net core 中实现它
public class HasAdminRoleFromAnySiteRequirement : AuthorizationHandler<HasAdminRoleFromAnySiteRequirement>, IAuthorizationRequirement
{
public HasAdminRoleFromAnySiteRequirement()
{
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
HasAdminRoleFromAnySiteRequirement requirement)
{
//need to call get param from controller to used in the validation
// something like this
//var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
// I tried the suggestion below but I can't get the parameter from routedata
// var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
return Task.FromResult(0);
}
}
在您的处理程序中,您可以执行以下操作
var mvcContext = context.Resource as
Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if (mvcContext != null)
{
// Examine MVC specific things like routing data.
}
如果您想要参数值,那么在绑定发生之前授权属性片段 运行。相反,您会在控制器内部进行命令式调用。这基本上就是resource based authorization,你的参数是一个资源
您会将授权服务注入您的控制器;
public class DocumentController : Controller
{
IAuthorizationService _authorizationService;
public DocumentController(IAuthorizationService authorizationService)
{
_authorizationService = authorizationService;
}
}
然后编写您的处理程序略有不同;
public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement, Document>
{
public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
MyRequirement requirement,
Document resource)
{
// Validate the requirement against the resource and identity.
return Task.CompletedTask;
}
}
您可以看到此处理程序接受一个文档,这可以是您喜欢的任何内容,可以是 ID 的整数,也可以是某种类型的视图模型。
然后您可以在 HandleRequirementAsync() 方法中访问它。
最后,一旦绑定发生,您将从控制器中调用它;
if (await authorizationService.AuthorizeAsync(
User,
document,
yourRequirement))
{
}
您可以非常轻松地直接从您的处理程序访问参数。现在,我确定 think 是否适用于早期版本的核心(如果可以,你应该更新核心),但在核心 2.0 及更高版本中,你可以将 context.Resource 转换为 AuthorizationFilterContext HandleRequirementAsync 像这样的方法
if(context.Resource is AuthorizationFilterContext mvcContext)
{
//do stuff to the mvcContext
}
然后,您可以像这样访问参数
var value = mvcContext.HttpContext.Request.Query[key].FirstOrDefault();
其中 key 是您要查找的参数名称。
或者您可以像这样解析查询字符串
var queryString = mvcContext.HttpContext.Request.QueryString.ToString()
var foo = HttpUtility.ParseQueryString(queryString);
var value = foo[key]
同样,其中 key 是您要查找的参数名称。
在ASP.NET Core 2.2中,你可以得到这样一个路由参数值:
public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
{
var authContext = (AuthorizationFilterContext)context.Resource;
var routeValueOfX = authContext.HttpContext.GetRouteValue("X");
.
.
.
}
}
在启用端点路由的ASP.NET Core 3.0中,您可以获得这样的路由参数值:
public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
private readonly IHttpContextAccessor _httpContextAccessor;
public MyRequirementHandler(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
{
var routeData = _httpContextAccessor.HttpContext.GetRouteData();
var areaName = routeData?.Values["area"]?.ToString();
var area = string.IsNullOrWhiteSpace(areaName) ? string.Empty : areaName;
var controllerName = routeData?.Values["controller"]?.ToString();
var controller = string.IsNullOrWhiteSpace(controllerName) ? string.Empty : controllerName;
var actionName = routeData?.Values["action"]?.ToString();
var action = string.IsNullOrWhiteSpace(actionName) ? string.Empty : actionName;
//...
}
}
为了将来参考,从 .NET Core 5.0 开始,现在改为传递 HttpContext,因此您可以:
if (context.Resource is HttpContext httpContext)
{
var value = httpContext.GetRouteValue("key");
}
对于 .Net 5.0(如果您使用的是 .NET 3.0、3.1 会更好)使用以下内容:
public class MyAuthorizationPolicyHandler : AuthorizationHandler<OperationAuthorizationRequirement>
{
public MyAuthorizationPolicyHandler()
{
}
protected async override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement)
{
var result = false;
if (context.Resource is Microsoft.AspNetCore.Http.DefaultHttpContext httpContext)
{
var endPoint = httpContext.GetEndpoint();
if (endPoint != null)
{
var attributeClaims = endPoint.Metadata.OfType<MyAuthorizeAttribute>()
//TODO: Add your logic here
}
if (result)
{
context.Succeed(requirement);
}
}
}
请参考以下相关讨论:
我正在使用授权处理程序将自定义授权放入我在 .net 核心中的控制器中。如何从控制器获取参数并将其用于授权处理程序?
在旧的 .NET 中,我可以像这样从 HttpContext 请求参数中获取参数:
var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
我不确定如何在 .net core 中实现它
public class HasAdminRoleFromAnySiteRequirement : AuthorizationHandler<HasAdminRoleFromAnySiteRequirement>, IAuthorizationRequirement
{
public HasAdminRoleFromAnySiteRequirement()
{
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
HasAdminRoleFromAnySiteRequirement requirement)
{
//need to call get param from controller to used in the validation
// something like this
//var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
// I tried the suggestion below but I can't get the parameter from routedata
// var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
return Task.FromResult(0);
}
}
在您的处理程序中,您可以执行以下操作
var mvcContext = context.Resource as
Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if (mvcContext != null)
{
// Examine MVC specific things like routing data.
}
如果您想要参数值,那么在绑定发生之前授权属性片段 运行。相反,您会在控制器内部进行命令式调用。这基本上就是resource based authorization,你的参数是一个资源
您会将授权服务注入您的控制器;
public class DocumentController : Controller
{
IAuthorizationService _authorizationService;
public DocumentController(IAuthorizationService authorizationService)
{
_authorizationService = authorizationService;
}
}
然后编写您的处理程序略有不同;
public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement, Document>
{
public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
MyRequirement requirement,
Document resource)
{
// Validate the requirement against the resource and identity.
return Task.CompletedTask;
}
}
您可以看到此处理程序接受一个文档,这可以是您喜欢的任何内容,可以是 ID 的整数,也可以是某种类型的视图模型。
然后您可以在 HandleRequirementAsync() 方法中访问它。
最后,一旦绑定发生,您将从控制器中调用它;
if (await authorizationService.AuthorizeAsync(
User,
document,
yourRequirement))
{
}
您可以非常轻松地直接从您的处理程序访问参数。现在,我确定 think 是否适用于早期版本的核心(如果可以,你应该更新核心),但在核心 2.0 及更高版本中,你可以将 context.Resource 转换为 AuthorizationFilterContext HandleRequirementAsync 像这样的方法
if(context.Resource is AuthorizationFilterContext mvcContext)
{
//do stuff to the mvcContext
}
然后,您可以像这样访问参数
var value = mvcContext.HttpContext.Request.Query[key].FirstOrDefault();
其中 key 是您要查找的参数名称。
或者您可以像这样解析查询字符串
var queryString = mvcContext.HttpContext.Request.QueryString.ToString()
var foo = HttpUtility.ParseQueryString(queryString);
var value = foo[key]
同样,其中 key 是您要查找的参数名称。
在ASP.NET Core 2.2中,你可以得到这样一个路由参数值:
public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
{
var authContext = (AuthorizationFilterContext)context.Resource;
var routeValueOfX = authContext.HttpContext.GetRouteValue("X");
.
.
.
}
}
在启用端点路由的ASP.NET Core 3.0中,您可以获得这样的路由参数值:
public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
private readonly IHttpContextAccessor _httpContextAccessor;
public MyRequirementHandler(IHttpContextAccessor httpContextAccessor)
{
_httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
{
var routeData = _httpContextAccessor.HttpContext.GetRouteData();
var areaName = routeData?.Values["area"]?.ToString();
var area = string.IsNullOrWhiteSpace(areaName) ? string.Empty : areaName;
var controllerName = routeData?.Values["controller"]?.ToString();
var controller = string.IsNullOrWhiteSpace(controllerName) ? string.Empty : controllerName;
var actionName = routeData?.Values["action"]?.ToString();
var action = string.IsNullOrWhiteSpace(actionName) ? string.Empty : actionName;
//...
}
}
为了将来参考,从 .NET Core 5.0 开始,现在改为传递 HttpContext,因此您可以:
if (context.Resource is HttpContext httpContext)
{
var value = httpContext.GetRouteValue("key");
}
对于 .Net 5.0(如果您使用的是 .NET 3.0、3.1 会更好)使用以下内容:
public class MyAuthorizationPolicyHandler : AuthorizationHandler<OperationAuthorizationRequirement>
{
public MyAuthorizationPolicyHandler()
{
}
protected async override Task HandleRequirementAsync(AuthorizationHandlerContext context, OperationAuthorizationRequirement requirement)
{
var result = false;
if (context.Resource is Microsoft.AspNetCore.Http.DefaultHttpContext httpContext)
{
var endPoint = httpContext.GetEndpoint();
if (endPoint != null)
{
var attributeClaims = endPoint.Metadata.OfType<MyAuthorizeAttribute>()
//TODO: Add your logic here
}
if (result)
{
context.Succeed(requirement);
}
}
}
请参考以下相关讨论: