ASP.NET 5授权使用两个或多个策略(或组合策略) [英] ASP.NET 5 Authorize against two or more policies (OR-combined policy)

问题描述

是否可以针对两个或多个策略应用授权?我正在使用ASP.NET 5，rc1.

Is it possible to apply authorization against two or more policies? I am using ASP.NET 5, rc1.

[Authorize(Policy = "Limited,Full")]
public class FooBarController : Controller
{
    // This code doesn't work
}

如果没有，如何在不使用政策的情况下实现这一目标?可以访问此控制器的用户有两类:完全"和受限".用户可以属于全部"或受限"，或者两者都属于.他们只需要属于两个组之一即可访问此控制器.

If not, how may I achieve this without using policies? There are two groups of users that may access this controller: "Full" and "Limited". Users may either belong to "Full" or "Limited", or both. They only require to belong to one of the two groups in order to access this controller.

推荐答案

不是您想要的方式；策略被设计为累积性的.例如，如果您使用两个单独的属性，那么它们必须都通过.

Not the way you want; policies are designed to be cumulative. For example if you use two separate attributes then they must both pass.

您必须在单个策略中评估OR条件.但是您不必在单个处理程序中将其编码为OR.您可以有一个具有多个处理程序的需求.如果两个处理程序中的任何一个标记为成功，则满足要求.请参阅我的授权研讨会中的步骤6.

You have to evaluate OR conditions within a single policy. But you don't have to code it as ORs within a single handler. You can have a requirement which has more than one handler. If either of the handlers flag success then the requirement is fulfilled. See Step 6 in my Authorization Workshop.

这篇关于ASP.NET 5授权使用两个或多个策略(或组合策略)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！