我有2条政策:Readers
和Writers
。
对于每一项政策,我都会拥有许多属于它们的值:
Readers: [1,2,3,4,5,6]
Writers: [100,400,500]
此数组将存储在数据库中,或者通过Http调用进行检索。
我该如何代替某些示例中的预定义值来检查所需的索赔值:
services.AddAuthorization(options =>
{
options.AddPolicy("Readers",policy =>policy.Requireclaim("UserID","1","2","3","4","5"));
});
得到这样的东西:
CheckPolicyService someService;
services.AddAuthorization(options =>
{
options.AddPolicy("Readers",async (userId)=>await someService.CheckClaimAsync(new Claim("UserID",userId,),"Readers"));
});
我该如何代替检查EmployerID
是否在给定值列表中,而是致电服务
检查这个吗?
public class PolicyRepo
{
public string PolicyID{get;set;}
public string[] Users{get;set;}
}
public class CheckPolicyService
{
private PolicyRepo [] repos {get;set;} //all policies with their allowed users
public async Task<bool> CheckClaimAsync(Claim userClaim,string policy)
{
if(userClaim.Type!="UserID")
{
return false;
}
bool hasaccess=this.repos.Single(r=>r.PolicyId==policy).Users.Contains(userClaim.Value);
return hasaccess;
}
}
public class Controller
{
[Authorize(Policy="Readers")]
public async Task ReadAsync()
{
}
[Authorize(Policy="Writers")]
public async Task WriteAsync()
{
}
}