我会用ClaimsTransformer
去获得用户声明。我只是试图展示如何获得用户声明并处理Windows Authenticatin的授权。
首先创建一个ClaimsTransformer
类:
public class ClaimsTransformer : IClaimsTransformer
{
// i assume you have a user service in which you get user info via entity framework
private readonly IUserService _userService;
public ClaimsTransformer(IUserService userService)
{
_userService = userService;
}
public async Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
{
var identity = ((ClaimsIdentity)context.Principal.Identity);
// ... add user claims if required
var roles = _userService.GetRoles(identity.Name);
foreach(var role in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
return await Task.FromResult(context.Principal);
}
}
然后用它Configure
方法
public void Configure(IApplicationBuilder app)
{
//...
app.UseClaimsTransformation(async (context) =>
{
IClaimsTransformer transformer = context.Context.RequestServices.GetRequiredService<IClaimsTransformer>();
return await transformer.TransformAsync(context);
});
//...
}
不幸的是User.IsInRole
方法不能与ClaimsTransformer
工作(如果添加与ClaimsTransformer
作用,IsInRole会假),所以你不能使用[Authorize(Roles = "")]
和ClaimsTransformer
。在这种情况下,您可以使用Claims Based Authorization来处理自动化。
所以最后下面的代码添加到ConfigureServices和使用Authorize
属性:
public void ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddSingleton<IClaimsTransformer, ClaimsTransformer>();
services.AddAuthorization(options =>
{
options.AddPolicy("RequireAdministratorRole", policy => policy.RequireClaim(ClaimTypes.Role, "Administrator"));
});
//...
}
[Authorize(Policy = "RequireAdministratorRole")]
public IActionResult Index() { }
我相信这正是我之后。我执行后会标记正确,并确保我没有其他问题。 – HuntK24