ASP .NET 5 MVC 6 Identity 3 Roles Claims Groups [closed]

后端未结

关注

 3  1935

小鲜肉

相关标签:

3条回答

爱一瞬间的悲伤

2021-01-31 00:31
We were in the same boat here, without much in terms of reading apart from the source of course...

We ended up implementing Policies. Policies being a group of Claims that are required for authorization to be satisfied. these Policies can then be applied to Controllers.

You can define your Policies in Startup.cs, ConfigureServices:
```
services.AddAuthorization(options =>
{
    options.AddPolicy("SalesSenior", policy =>
    {
        policy.RequireClaim("department", "sales");
        policy.RequireClaim("status", "senior");
    });
});
```
We defined Roles, assigned 1 or more Claims to them and assigned Roles to Users allowing them to be checked against the appropriate Policy on hitting a Controller.

You can inject the IAuthorizationService into a Controller or Attribute as so:
```
public class SalesDashboardController: Controller
{
    private readonly IAuthorizationService _authz;

    public VarianceOverviewController(IAuthorizationService authz)
    {
        _authz = authz;
    }
    ...
}
```
You can then use the IAuthorizationService to check the validity of a users claims...
```
if (await _authz.AuthorizeAsync(User, "SalesSenior"))
{
    // User is authorized            
}
```
This article was my main source for this stuff and was a great primer for me. Good luck!
0 讨论(0)
发布评论:

提交评论
- 加载中...

离开以前

2021-01-31 00:36

This thread helped me get something working, but it's sad that this is not better documented.

Here are my attempts at improving that. Asp.net.Identity (3.0.0.0-rc1-final)

in Startup.cs --> ConfigurationServices

        //Define your policies here, they are strings associated with claims types, that have claim strings... 
        //they need to be in AspNetUserClaims table, user id, department, Dev to be allowed access to the Dev policy
        //add the auth option, below that makes it work, and in the api controller, add the        
        //[Authorize("Dev")] attribute
        services.AddAuthorization(
            options =>
            {
                options.AddPolicy("Dev", policy => { policy.RequireClaim("department", "Dev"); });
            });
        services.AddMvc();

0 讨论(0)

佛祖请我去吃肉

2021-01-31 00:40

If you are looking for a sample project there are not that many out there at the moment. The first place to look is on the aspnet GitHub project pages.

Luckily, the ASP.NET Identity sub-project has a sample project that you can take a look at here, however it may not cover all your requirements. Note that this is using the latest beta.

0 讨论(0)
发布评论:

提交评论
- 加载中...

热议问题