问题
How can I force authorization on all controllers within an area? Specifically, I would like to configure an AuthorizeFilter to be applied on the 'admin' area as part of the Startup.ConfigureServices() method.
回答1:
One way do to this is with the use of a custom IControllerModelConvention
public class AuthorizeAreaConvention : IControllerModelConvention
{
private readonly string _area;
private readonly string _policy;
public AuthorizeAreaConvention(string area, string policy)
{
_area = area;
_policy = policy;
}
public void Apply(ControllerModel controller)
{
if (controller.Attributes.Any(a =>
a is AreaAttribute && (a as AreaAttribute).RouteValue.Equals(_area, StringComparison.OrdinalIgnoreCase))
|| controller.RouteValues.Any(r =>
r.Key.Equals("area", StringComparison.OrdinalIgnoreCase) && r.Value.Equals(_area, StringComparison.OrdinalIgnoreCase)))
{
controller.Filters.Add(new AuthorizeFilter(_policy));
}
}
}
Then in your Startup.ConfigureServices() method, you can add:
services.AddMvc(options =>
{
options.Conventions.Add(
new AuthorizeAreaConvention("Admin", Policy.AdministratorPolicy));
});
Where Policy.AdministratorPolicy is just a string constant (e.g. "AdministratorPolicy") which is registered in the app StartUp as follows:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization(o =>
{
o.AddPolicy(Policy.AdministratorPolicy, b =>
{
b.RequireAuthenticatedUser();
b.RequireClaim(ClaimTypes.Role, Roles.Admin);
});
});
// Add framework services.
services.AddMvc();
// ... Omitted for brevity
}
In the above, Roles.Admin is just a string constant (e.g. "Admin").
来源:https://stackoverflow.com/questions/53556335/apply-authorize-filter-on-all-controllers-within-an-area