该应用程序是在asp.net core 3上开发的。当用户担任多个角色时,面临授权问题。
用户角色:
public enum UserRole
{
None = 0x0,View = 0x1,ConfirmAlarm = 0x2,ObjectScaling = 0x4,SchemeEditor = 0x8,ObjectEditor = 0x10
}
索赔
private async Task Authenticate(User user)
{
var claims = new List<Claim>
{
new Claim(ClaimsIdentity.DefaultNameclaimType,user.Login),new Claim(ClaimsIdentity.DefaultRoleclaimType,((UserRole)user.Role).ToString()),new Claim("uGroupId",user.GroupId.ToString()),new Claim("uInfo",user.Info),new Claim("uTheme",user.Theme)
};
ClaimsIdentity id = new ClaimsIdentity(claims,"ApplicationCookie",ClaimsIdentity.DefaultNameclaimType,ClaimsIdentity.DefaultRoleclaimType);
await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,new
ClaimsPrincipal(id));
}
控制器方法:
[Authorize(Roles = "View")]
[HttpPost("[action]")]
public async Task<string> Someaction()
{
//...some code
}
如果用户具有“查看,ConfirmAlarm,ObjectScaling,SchemeEditor,ObjectEditor”的所有角色,则无法在控制器中对该用户授权该方法。
可能是什么问题?是否需要创建自定义AuthorizeAttribute?
更新
添加了两个类: RolesRequirement.cs
public class RolesRequirement : IAuthorizationRequirement
{
public string RoleName { get; }
public RolesRequirement(string roleName)
{
RoleName = roleName;
}
}
RoleHandler.cs
public class RoleHandler : AuthorizationHandler<RolesRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,RolesRequirement requirement)
{
string roles = context.User.Claims.FirstOrDefault(x => x.Type == ClaimsIdentity.DefaultRoleclaimType).Value;
if (!string.IsnullOrEmpty(roles))
{
if (roles.Contains(requirement.RoleName))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
将策略添加到startup.cs
services.AddAuthorization(options =>
{
options.AddPolicy("View",policy => policy.Requirements.Add(new RolesRequirement("View")));
options.AddPolicy("ConfirmAlarm",policy => policy.Requirements.Add(new RolesRequirement("ConfirmAlarm")));
options.AddPolicy("ObjectEditor",policy => policy.Requirements.Add(new RolesRequirement("ObjectEditor")));
});
并在控制器方法之前添加属性。
[Authorize(Policy = "View")]
[Authorize(Policy = "ObjectEditor")]
[HttpPost("[action]")]
public async Task<string> Someaction()
{
//...some code
}