我正在使用授权处理程序将自定义授权放在.net核心的控制器中.如何从控制器获取参数并将其用于授权处理程序.
在旧的.net中,我可以像这样从Httpcontext请求参数中获取参数
- var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
我不知道如何在.net核心中实现它
- enter code here
- public class HasAdminRoleFromAnySiteRequirement : AuthorizationHandler<HasAdminRoleFromAnySiteRequirement>,IAuthorizationRequirement
- {
- public HasAdminRoleFromAnySiteRequirement()
- {
- }
- protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,HasAdminRoleFromAnySiteRequirement requirement)
- {
- //need to call get param from controller to used in the validation
- // something like this
- //var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
- // I tried the suggestion below but I can't get the parameter from routedata
- // var mvcContext = context.Resource as Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
- return Task.FromResult(0);
- }
- }
解决方法
在处理程序中,您可以执行以下操作
- var mvcContext = context.Resource as
- Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
- if (mvcContext != null)
- {
- // Examine MVC specific things like routing data.
- }
如果需要参数值,则在绑定发生之前运行授权属性块.相反,你会转移到控制器内的强制调用.这基本上是resource based authorization,你的参数是一个资源.
您可以将授权服务注入您的控制器;
- public class DocumentController : Controller
- {
- IAuthorizationService _authorizationService;
- public DocumentController(IAuthorizationService authorizationService)
- {
- _authorizationService = authorizationService;
- }
- }
然后稍微改写你的处理程序;
- public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement,Document>
- {
- public override Task HandleRequirementAsync(AuthorizationHandlerContext context,MyRequirement requirement,Document resource)
- {
- // Validate the requirement against the resource and identity.
- return Task.CompletedTask;
- }
- }
您可以看到此处理程序获取文档,这可以是您喜欢的任何内容,无论是ID的整数,还是某种类型的视图模型.
然后,您可以在HandleRequirementAsync()方法中访问它.
最后,一旦绑定发生,你就可以从你的控制器中调用它;
- if (await authorizationService.AuthorizeAsync(
- User,document,yourRequirement))
- {
- }
