Asp.net
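Any way to use authorization policies in views in .NET Core 1.0 MVC?

I know that in a controller you can write `[Authorize("policyName")]` without any problem, but is there any way to use policies in views? I'd rather not use `User.IsInRole(...)` every time I want to authorize some HTML.

Edit: here is some code.

Startup.cs – policy declaration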

    services.AddAuthorization(options =>
    {
        options.AddPolicy("testPolicy", policy =>
        {
            policy.RequireAuthenticatedUser()
                  .RequireRole("RoleOne", "RoleTwo", "RoleThree")
                  .RequireClaim(ClaimTypes.Email);
        });
    });

Admin controller

    [Authorize("testPolicy")]
    public class AdminController : Controller
    {
        public IActionResult Index()
        {
            return View();
        }
    }

Navbar HTML

    <div class="navbar navbar-inverse navbar-fixed-top">
        <div class="container">
            <div class="navbar-collapse collapse">
                <ul class="nav navbar-nav">
                    <li><a asp-controller="Home" asp-action="Index">Home</a></li>
                    <!-- I want to implement my policy here. -->
                    @if (User.IsInRole("..."))
                    {
                        <li><a asp-controller="Admin" asp-action="Index">Admin</a></li>
                    }
                </ul>
                @await Html.PartialAsync("_LoginPartial")
            </div>
        </div>
    </div>

I found this link, which may help: https://docs.asp.net/en/latest/security/authorization/views.html

Example from that page:

    @if (await AuthorizationService.AuthorizeAsync(User, "PolicyName"))
    {
        <p>This paragraph is displayed because you fulfilled PolicyName.</p>
    }

In some cases the resource will be your view model, and you can call AuthorizeAsync in exactly the same way as you would check during resource-based authorization:

    @if (await AuthorizationService.AuthorizeAsync(User, Model, Operations.Edit))
    {
        <p><a class="btn btn-default" role="button"
              href="@Url.Action("Edit", "Document", new { id = Model.Id })">Edit</a></p>
    }

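The resource-based call above depends on an `Operations` class and an authorization handler that the quoted snippet does not show. The following is an added example, not code from the original answer or the ASP.NET documentation; the `Document.OwnerId` property, the `DocumentOwnerHandler` name and the owner-only rule are assumptions for illustration. The view check only hides the button, so the `Edit` action has to run the same check on the server.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;

// Hypothetical resource / view model passed to AuthorizeAsync as "Model".
public class Document
{
    public int Id { get; set; }
    public string OwnerId { get; set; }   // assumed: id of the user who owns it
}

// The operations the view refers to as Operations.Edit.
public static class Operations
{
    public static readonly OperationAuthorizationRequirement Edit =
        new OperationAuthorizationRequirement { Name = nameof(Edit) };
}

// Decides whether the current user may perform an operation on one Document.
public class DocumentOwnerHandler
    : AuthorizationHandler<OperationAuthorizationRequirement, Document>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement,
        Document resource)
    {
        var userId = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;

        // Fail closed: succeed only for a known operation and a matching owner.
        // Not calling Succeed leaves the requirement unmet, so the check fails.
        if (requirement.Name == Operations.Edit.Name
            && userId != null
            && userId == resource.OwnerId)
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

// Startup.ConfigureServices (registration):
//   services.AddSingleton<IAuthorizationHandler, DocumentOwnerHandler>();
//
// DocumentController.Edit must repeat the check, because hiding the link
// in the view does not stop a direct request to the action:
//   if (!(await _authService.AuthorizeAsync(User, document, Operations.Edit)).Succeeded)
//       return Forbid();   // on ASP.NET Core 1.x AuthorizeAsync returns bool instead
```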
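I ended up creating a tag helper to conditionally hide the element it is associated with.

    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Razor.TagHelpers;

    // Applies to any element that carries a "policy" attribute.
    [HtmlTargetElement(Attributes = "policy")]
    public class PolicyTagHelper : TagHelper
    {
        private readonly IAuthorizationService _authService;
        private readonly ClaimsPrincipal _principal;

        public PolicyTagHelper(IAuthorizationService authService, IHttpContextAccessor httpContextAccessor)
        {
            _authService = authService;
            _principal = httpContextAccessor.HttpContext.User;
        }

        // Name of the authorization policy, bound from the "policy" attribute.
        public string Policy { get; set; }

        public override async Task ProcessAsync(TagHelperContext context, TagHelperOutput output)
        {
            // if (!await _authService.AuthorizeAsync(_principal, Policy)) ASP.NET Core 1.x
            if (!(await _authService.AuthorizeAsync(_principal, Policy)).Succeeded)
                output.SuppressOutput();   // drop the element when the policy is not met
        }
    }

Usage

    <li policy="testPolicy"><a asp-controller="Admin" asp-action="Index">Admin</a></li>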