2016-11-06

I am migrating my project to ASP.NET Core, and I am stuck on migrating the CustomAuthorization attribute of my controllers. Here is my code. How do I override HandleUnauthorizedRequest in ASP.NET Core?

using System.Linq;
using System.Web.Mvc;

// ASP.NET MVC 5 attribute (the code being migrated).
public class CustomAuthorization : AuthorizeAttribute
{
    // Login page to redirect to when the user is not authenticated.
    public string Url { get; set; }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            // Not logged in: go to the login page and carry the current URL along.
            filterContext.Result = new RedirectResult(Url + "?returnUrl=" + filterContext.HttpContext.Request.Url.PathAndQuery);
        }
        else if (!Roles.Split(',').Any(filterContext.HttpContext.User.IsInRole))
        {
            // Logged in, but in none of the required roles.
            filterContext.Result = new ViewResult
            {
                ViewName = "AcessDenied"
            };
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

Then I use it on my controller:

[CustomAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")] 
public abstract class AdminController : Controller { } 

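So basically I can use it to redirect to a different login page when the roles are not met. I have several areas, and each of them has a different login page. I tried using CookieAuthenticationOptions like this: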

services.Configure<CookieAuthenticationOptions>(options => 
{ 
    options.AuthenticationScheme = "Admin"; 
    options.LoginPath = "/Admin/Account/Login"; 
}); 

and then on my admin controller:

[Area("Admin")] 
[Authorize(ActiveAuthenticationSchemes = "Admin", Roles = "Admin")] 

But after I log in, it still cannot get in.


Have you tried stepping through this code? Does it get executed? Where does it fail? – Darkonekt


Take a look at http://stackoverflow.com/questions/31464359/custom-authorizeattribute-in-asp-net-5-mvc-6 –

Answer

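I am doing a similar thing in my project. This answer does not use AuthorizeAttribute, but it might help someone who lands here from a Google search. In my case, I use it to authorize based on custom logic.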

First, my custom attribute class:

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

public class CustomAuthorizationAttribute : ActionFilterAttribute
{
    // Dependency supplied by the DI container (see ServiceFilter below).
    private readonly IMyDepedency _dp;

    public CustomAuthorizationAttribute(IMyDepedency dp)
    {
        _dp = dp;
    }

    public override void OnActionExecuting(ActionExecutingContext context)
    {
        var isValid = false;
        // write my validation and authorization logic here
        if (!isValid)
        {
            // Setting Result short-circuits the action and returns 401.
            var unauthResult = new UnauthorizedResult();

            context.Result = unauthResult;
        }

        base.OnActionExecuting(context);
    }
}

I decorate my controller like this:

[ServiceFilter(typeof (CustomAuthorizationAttribute))] 

Then in my Startup class:

public void ConfigureServices(IServiceCollection services) 
{ 
    // Add framework services. 
    services.AddMvc(); 

    // my other stuff that is not relevant in this post 

    // Security 
    services.AddTransient<CustomAuthorizationAttribute>(); 
}
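
An added example, not part of the question or the answer above: one way to reproduce the question's HandleUnauthorizedRequest behaviour in ASP.NET Core is an attribute that implements IAuthorizationFilter, which runs before model binding and action filters. The class name AreaAuthorizationAttribute is hypothetical; Url, Roles and the "AcessDenied" view name are taken from the question.

```csharp
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Hypothetical name; mirrors the Url/Roles properties of the question's attribute.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AreaAuthorizationAttribute : Attribute, IAuthorizationFilter
{
    public string Url { get; set; }    // login page of the area
    public string Roles { get; set; }  // comma-separated; any one role is enough

    // Caveat: this simple filter does not honor [AllowAnonymous].
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var user = context.HttpContext.User;
        var request = context.HttpContext.Request;

        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            // Rebuild path + query from the request, then escape it as a single
            // query-string value so it cannot inject extra parameters.
            var returnUrl = string.Concat(
                request.PathBase.ToUriComponent(),
                request.Path.ToUriComponent(),
                request.QueryString.ToUriComponent());
            context.Result = new RedirectResult(
                Url + "?returnUrl=" + Uri.EscapeDataString(returnUrl));
            return;
        }

        var required = (Roles ?? string.Empty)
            .Split(',')
            .Select(r => r.Trim())
            .Where(r => r.Length > 0)
            .ToArray();

        // Authenticated but in none of the required roles: answer 403 with the
        // access-denied view instead of bouncing back to the login page.
        if (required.Length > 0 && !required.Any(user.IsInRole))
        {
            context.Result = new ViewResult { ViewName = "AcessDenied", StatusCode = 403 };
        }
    }
}
```

It is applied as `[AreaAuthorization(Url = "/Admin/Account/Login", Roles = "Admin")]`. The login action that consumes returnUrl should redirect only when `Url.IsLocalUrl(returnUrl)` is true, otherwise the parameter becomes an open redirect.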