用于开发的 .NET Core API 条件身份验证属性生产 [英] .NET Core API Conditional Authentication attributes for Development & Production
问题描述
长话短说,是否可以在我的 API 上放置基于环境的授权属性,以便在开发中关闭授权限制并在生产中重新打开?
Long story short, Is it possible to place an environment based authorization attribute on my API so that the authorization restriction would be turned off in development and turned back on in Production?
我有一个单独的 Angular 2 项目,我希望用它来调用 .NET Core API.我们创建了一个单独的项目,以便我们可以在 vscode 中打开 Angular 2 项目并调试打字稿.完成后,出于安全原因,我们将构建项目并将其放置在 .NET Core 项目中.
I have a separate Angular 2 project that I wish to call a .NET Core API with. We created a separate project so we could open the Angular 2 project in vscode and debug the typescript. When we are finished, we will build the project and place it inside the .NET Core project for security reasons.
我们的问题是在调试阶段,我们无法连接到 API,因为它们是两个独立的项目,而我们的 Angular 2 项目没有 Active Directory..NET Core 项目当前具有身份验证属性,并且不允许访问 (401) API.如果我们能在开发过程中将其关闭并在生产过程中重新开启,那就太好了.
Our problem is that during the debugging stages, we are unable to connect to the API because they are two separate projects and our Angular 2 project does not have Active Directory. The .NET Core project currently has Authentication Attributes and wont allow access (401) to the API. It would be nice if we could turn that off during development and back on during production.
我也愿意接受关于我们如何最好地解决这个问题的任何其他建议.
I'm also open to any other suggestions on how we can best solve this problem.
[Authorize: (Only in Production)] <-- // something like this???
[Route("api/[controller]")]
public class TestController : Controller
{
...
推荐答案
ASP.NET Core 授权基于策略.正如您可能已经看到的,AuthorizeAttribute 可以采用策略名称,因此它知道需要满足哪些条件才能对请求进行授权.我建议您阅读优秀文档关于那个主题.
ASP.NET Core authorization is based on policies. As you may have seen, the AuthorizeAttribute can take a policy name so it knows which criteria need to be satisfied for the request to be authorized. I suggest that you have a read of the great documentation on that subject.
回到你的问题,看起来你没有使用特定的策略,所以它使用默认的策略,即 默认要求用户进行身份验证.
Back to your problem, it looks like you don't use a specific policy, so it uses the default one, which requires the user to be authenticated by default.
您可以在 Startup.cs 中更改该行为.如果您处于开发模式,您可以重新定义默认策略,使其没有任何要求:
You can change that behaviour in Startup.cs. If you're in development mode, you can redefine the default policy so that it doesn't have any requirements:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization(x =>
{
// _env is of type IHostingEnvironment, which you can inject in
// the ctor of Startup
if (_env.IsDevelopment())
{
x.DefaultPolicy = new AuthorizationPolicyBuilder().Build();
}
});
}
<小时>
更新
im1dermike 在评论中提到 AuthorizationPolicy 至少需要一个要求,我们可以看到 此处.这段代码不是最近引入的,所以这意味着上面的解决方案一直被破坏.
Update
im1dermike mentioned in a comment that an AuthorizationPolicy needs at least one requirement, as we can see here. That code wasn't introduced recently, so it means the solution above was broken the whole time.
为了解决这个问题,我们仍然可以利用 AuthorizationPolicyBuilder 的noreferrer">RequireAssertion 方法并添加一个虚拟需求.这看起来像:
To work around this, we can still leverage the RequireAssertion method of AuthorizationPolicyBuilder and add a dummy requirement. This would look like:
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthorization(x =>
{
// _env is of type IHostingEnvironment, which you can inject in
// the ctor of Startup
if (_env.IsDevelopment())
{
x.DefaultPolicy = new AuthorizationPolicyBuilder()
.RequireAssertion(_ => true)
.Build();
}
});
}
这确保我们在授权策略中至少有一项要求,而且我们知道它总会通过.
This ensures we have at least one requirement in the authorization policy, and we know that it will always pass.
这篇关于用于开发的 .NET Core API 条件身份验证属性生产的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
