如何更改状态码从失败的AuthorizationHandler策略添加消息 [英] How to change status code & add message from failed AuthorizationHandler policy
本文介绍了如何更改状态码从失败的AuthorizationHandler策略添加消息的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
致力于实施自定义策略的.net核心应用.
Working on a .net core app implementing a custom policy.
假设我们有一个非常简单的自定义政策:
Let's say we have a very simple custom policy:
internal class RequireNamePolicy : AuthorizationHandler<RequireNameRequirement>, IAuthorizationRequirement
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequireNameRequirement requirement)
{
var nameClaim = context.User.Claims.FirstOrDefault(c => c.Type == Claims.Name);
if (nameClaim != null && nameClaim.Value == "Chimney Spork")
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return Task.CompletedTask;
}
}
internal class RequireNameRequirement : IAuthorizationRequirement
{
}
现在让我们说声明不存在,因此我们点击了context.Fail().默认响应是没有邮件正文的403.
Now let's say the claim doesn't exist, so we hit context.Fail(). The default response is a 403 with no message body.
我的问题是,我们将在哪里更改状态代码(至401)并返回一条说明该问题的消息(即声明不存在)?
My question is, where would we change the status code (to 401) and return a message that states the problem (ie claim not present)?
推荐答案
此方法尚未实现.您可以在此处进行跟进.一种可能的解决方法是:
This is not yet implemented. You can follow up on this here. One possible workaround would be:
internal class RequireNamePolicy : AuthorizationHandler<RequireNameRequirement>, IAuthorizationRequirement
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RequireNameRequirement requirement)
{
var authorizationFilterContext = context.Resource as AuthorizationFilterContext;
var nameClaim = context.User.Claims.FirstOrDefault(c => c.Type == Claims.Name);
if (nameClaim != null && nameClaim.Value == "Chimney Spork")
{
context.Succeed(requirement);
}
else
{
authorizationFilterContext.Result = new JsonResult("Custom message") { StatusCode = 401 };
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
这篇关于如何更改状态码从失败的AuthorizationHandler策略添加消息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文