ASP .NET 5 MVC 6 Identity 3 Roles Claims Groups [closed]

百般思念 submitted on 2019-12-02 16:22:15

We were in the same boat here, without much in terms of reading apart from the source of course...

We ended up implementing Policies. Policies being a group of Claims that are required for authorization to be satisfied. These Policies can then be applied to Controllers.

You can define your Policies in Startup.cs, ConfigureServices:

services.AddAuthorization(options =>
{
    options.AddPolicy("SalesSenior", policy =>
    {
        policy.RequireClaim("department", "sales");
        policy.RequireClaim("status", "senior");
    });
});

We defined Roles, assigned 1 or more Claims to them and assigned Roles to Users allowing them to be checked against the appropriate Policy on hitting a Controller.

You can inject the IAuthorizationService into a Controller or Attribute like so:

public class SalesDashboardController : Controller
{
    private readonly IAuthorizationService _authz;

    // The constructor name must match the class name for this to compile.
    public SalesDashboardController(IAuthorizationService authz)
    {
        _authz = authz;
    }
    // ...
}

You can then use the IAuthorizationService to check the validity of a user's claims...

if (await _authz.AuthorizeAsync(User, "SalesSenior"))
{
    // User is authorized            
}

This article was my main source for this stuff and was a great primer for me. Good luck!

If you are looking for a sample project there are not that many out there at the moment. The first place to look is on the aspnet GitHub project pages.

Luckily, the ASP.NET Identity sub-project has a sample project that you can take a look at here, however it may not cover all your requirements. Note that this is using the latest beta.

flagman

This thread helped me get something working, but it's sad that this is not better documented.

Here are my attempts at improving that. Asp.net.Identity (3.0.0.0-rc1-final)

in Startup.cs --> ConfigurationServices

        //Define your policies here, they are strings associated with claims types, that have claim strings... 
        //they need to be in AspNetUserClaims table, user id, department, Dev to be allowed access to the Dev policy
        //add the auth option, below that makes it work, and in the api controller, add the        
        //[Authorize("Dev")] attribute
        services.AddAuthorization(
            options =>
            {
                options.AddPolicy("Dev", policy => { policy.RequireClaim("department", "Dev"); });
            });
        services.AddMvc();
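
The "SalesSenior" policy from the first answer, evaluated outside MVC against a few constructed users to show that every `RequireClaim` must pass and that claim values are matched case-sensitively. This is an added example, not code from the answers or from the ASP.NET project; it assumes a current .NET SDK with the Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages, and `PolicyDemo`, the `User` helper and the sample users are hypothetical names.

```csharp
// Added example: assumes a current .NET SDK plus the
// Microsoft.AspNetCore.Authorization and Microsoft.Extensions.Logging packages.
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

public static class PolicyDemo
{
    // Hypothetical helper: builds an authenticated principal from (type, value) pairs.
    static ClaimsPrincipal User(params (string Type, string Value)[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            claims.Select(c => new Claim(c.Type, c.Value)), authenticationType: "demo"));

    public static async Task Main()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // DefaultAuthorizationService needs an ILogger
        services.AddAuthorizationCore(options =>
        {
            // Same policy as in the answer: both requirements must pass (logical AND).
            options.AddPolicy("SalesSenior", policy =>
            {
                policy.RequireClaim("department", "sales");
                policy.RequireClaim("status", "senior");
            });
        });
        var authz = services.BuildServiceProvider()
                            .GetRequiredService<IAuthorizationService>();

        // Constructed sample users, one per failure mode worth checking.
        var cases = new (string Name, ClaimsPrincipal Principal)[]
        {
            ("both claims",      User(("department", "sales"), ("status", "senior"))),
            ("missing status",   User(("department", "sales"))),
            ("wrong value case", User(("department", "Sales"), ("status", "senior"))),
            ("no claims at all", User()),
        };

        foreach (var (name, principal) in cases)
        {
            // Current releases return AuthorizationResult; the answers' code treats it as a bool.
            AuthorizationResult result = await authz.AuthorizeAsync(principal, "SalesSenior");
            Console.WriteLine($"{name,-18} -> {(result.Succeeded ? "allowed" : "denied")}");
        }
    }
}
```

Because the value match is case-sensitive, a row stored as `Dev` in AspNetUserClaims satisfies `RequireClaim("department", "Dev")` but a row stored as `dev` does not.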