Trying to apply an authorisation filter in all my controllers but IAuthorizationHandler is not being used


Problem description

I try to define an authorization policy to be applied in all methods of all my controllers. I am trying to follow the guidelines given here, in "Authorization for specific endpoints" subsection to substitute my previous AuthorizeFilter but it does not work.

In my Startup, I have:

app.UseAuthentication();
app.UseAuthorization();

app.UseEndpoints(endpoints =>
{
    endpoints.MapDefaultControllerRoute().RequireAuthorization();
});

ConfigureServices

services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
    .AddAzureADBearer(options => this.Configuration.Bind("AzureAd", options));

services.AddAuthorization(options =>
{
    options.DefaultPolicy = new AuthorizationPolicyBuilder()
        .AddRequirements(new MyRequirement(MyParams))
        .Build();
});
(...)
    services.AddTransient<IAuthorizationHandler, MyAuthorizationHandler>();

I have a requirement:

public class MyRequirement : IAuthorizationRequirement
{
    public EntityType MyParams { get; private set; }

    // The parameter type matches the EntityType property above.
    public MyRequirement(EntityType myParams) { MyParams = myParams; }
}

And a handler:

public class MyAuthorizationHandler : AuthorizationHandler<MyRequirement>
{
    private readonly ILogger<MyAuthorizationHandler> logger;
    private readonly IHttpContextAccessor httpContextAccessor;

    public MyAuthorizationHandler(IHttpContextAccessor httpContextAccessor, ILogger<MyAuthorizationHandler> logger)
    {
        this.httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
        this.logger = logger;
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
    {
        // Some things. I don't get here when I debug.
        return Task.CompletedTask;
    }
}

In my controllers I do NOT put any decorator, because I want to apply this authorization policy to ALL my methods, and that's why I override the DefaultPolicy.

If I debug, I do not stop at the Handler as I expect. Actually, if I put a decorator [Authorize] in the controller, I do stop there but, as I mentioned, I'm trying to avoid having to write this decorator in all the controllers.

Why is it not working? Thank you!

Recommended answer

I finally solved it. In ConfigureServices in startup:

services.AddAuthorization(options =>
{
    options.AddPolicy(
        "UserIsRegistered",
        new AuthorizationPolicyBuilder()
            .AddRequirements(new RegistrationRequirement())
            .Build());
});

Then I defined the RegistrationRequirement:

public class RegistrationRequirement : IAuthorizationRequirement
{
}

Then I defined the RegistrationAuthorizationHandler:

public class RegistrationAuthorizationHandler : AuthorizationHandler<RegistrationRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RegistrationRequirement requirement)
    {
        // LOGIC I WANT TO CHECK
        if (WHATEVER) // placeholder for the actual condition
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

And finally, in Configure, again in Startup:

app.UseEndpoints(endpoints =>
{
    endpoints.MapControllers().RequireAuthorization("UserIsRegistered");
});

To sum up, my main problem was using MapDefaultControllerRoute instead of MapControllers...
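
A complete Startup for the approach in the answer, as an added example that is not the answerer's own code. It goes slightly further than the answer by registering the handler in DI and adding RequireAuthenticatedUser(), so that the custom requirement is not the only check an anonymous caller has to pass; the "registered" claim is a hypothetical stand-in for the real registration check.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.AzureAD.UI;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class RegistrationRequirement : IAuthorizationRequirement { }

public class RegistrationAuthorizationHandler : AuthorizationHandler<RegistrationRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, RegistrationRequirement requirement)
    {
        // Assumption: registration is signalled by a hypothetical "registered" claim.
        if (context.User.HasClaim("registered", "true"))
            context.Succeed(requirement);
        // Not calling Succeed leaves the requirement unmet, so the request is denied.
        return Task.CompletedTask;
    }
}

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
            .AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
        services.AddAuthorization(options => options.AddPolicy("UserIsRegistered",
            new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser() // reject anonymous callers before the custom check
                .AddRequirements(new RegistrationRequirement())
                .Build()));
        // Without this registration no handler can satisfy the requirement: every request is denied.
        services.AddSingleton<IAuthorizationHandler, RegistrationAuthorizationHandler>();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseRouting();
        app.UseAuthentication();
        app.UseAuthorization(); // must sit between UseRouting and UseEndpoints
        app.UseEndpoints(endpoints =>
            endpoints.MapControllers().RequireAuthorization("UserIsRegistered"));
    }
}
```

Actions or controllers marked [AllowAnonymous] still bypass the policy, so audit for that attribute when the intent is to protect every endpoint.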
