.NET Core override controller level Authorize attribute for a specific action


Problem description


Here is an example controller to explain the case

[Authorize]
public class AccountController : ControllerBase
{
    [AllowAnonymous]
    [Authorize(Policy = "SpecificPolicy")]
    public string MethodA() {}

    public string MethodB() {}
}

  • MethodA should only be authorized via "SpecificPolicy".
  • MethodB should be authorized via the Authorize attribute.

The issue I'm having is that if I remove the AllowAnonymous attribute then Authorize on the controller takes precedence which I don't want for MethodA.

When I keep AllowAnonymous for MethodA then Authorize(Policy = "SpecificPolicy") is ignored.

Solution

> When I keep AllowAnonymous for MethodA then Authorize(Policy = "SpecificPolicy") is ignored.

[AllowAnonymous] bypasses all other authorization attributes. When you have it together with other authorize attributes, all the other attributes are ignored, even if they are at the more specific method level.

For example:

[AllowAnonymous]
public class DashboardController : Controller
{
    [Authorize]
    public IActionResult Index()
    {
        return View();
    }
}

/dashboard will be open/public.

> The issue I'm having is that if I remove the AllowAnonymous attribute then Authorize on the controller takes precedence which I don't want for MethodA.

When you have multiple authorize attributes, all of them need to be satisfied before you can make the call to the method. In your case, both [Authorize] and [Authorize(Policy = "SpecificPolicy")] must pass before access is granted.

If you don't want [Authorize] to take precedence, you can apply it only to MethodB:

public class AccountController : ControllerBase
{
    [Authorize(Policy = "SpecificPolicy")]
    public string MethodA() {}

    [Authorize]
    public string MethodB() {}
}

> I want to avoid putting specific [Authorize] attributes on actions since that Controller has lots of actions but a single action that has its own authorize rule.

Then this might be a good time for you to separate MethodA into Areas.

For example:

You still have [Authorize] on your AccountController, but just take out the MethodA:

[Authorize]
public class AccountController : ControllerBase
{
    public string MethodB() {}
}

Then you create an Area for MethodA:

[Area("specific")]
[Authorize(Policy = "SpecificPolicy")]
public abstract class SpecificControllerBase : ControllerBase
{ }

// Must live in a different namespace from the other AccountController.
public class AccountController : SpecificControllerBase
{
    public string MethodA() {}
}

Lastly you need to register the area route in your Startup.cs:

app.UseMvc(routes =>
{
    ...

    routes.MapRoute(
        name: "areaRoute",
        template: "{area:exists}/{controller=dashboard}/{action=index}/{id?}");

    routes.MapRoute(
        name: "default",
        template: "{controller=home}/{action=index}/{id?}");
});
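
The rules described in this answer can be checked mechanically. The following is an added example, not part of the original answer: a reflection-based audit that lists each action's effective authorization and flags any action where [AllowAnonymous] silently cancels an [Authorize]. The helper name AuthorizationAudit is hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Added example: AuthorizationAudit is a hypothetical helper name.
public static class AuthorizationAudit
{
    // One line per action, using the rules from the answer above:
    // [AllowAnonymous] on the controller or the action wins; otherwise
    // every [Authorize] on both levels must be satisfied.
    public static IEnumerable<string> Describe(Assembly assembly)
    {
        var controllers = assembly.GetTypes()
            .Where(t => !t.IsAbstract && typeof(ControllerBase).IsAssignableFrom(t));

        foreach (var controller in controllers)
        {
            // DeclaredOnly: only actions written on this class are listed.
            var actions = controller
                .GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly)
                .Where(m => !m.IsSpecialName && !m.IsDefined(typeof(NonActionAttribute), true));

            foreach (var action in actions)
            {
                // inherit: true also sees attributes placed on a base class
                // such as SpecificControllerBase.
                var attrs = controller.GetCustomAttributes(true)
                    .Concat(action.GetCustomAttributes(true))
                    .ToList();
                var anonymous = attrs.OfType<IAllowAnonymous>().Any();
                var required = attrs.OfType<IAuthorizeData>()
                    .Select(a => "Policy=" + (a.Policy ?? "(default)") + ", Roles=" + (a.Roles ?? "(any)"))
                    .ToList();

                string verdict;
                if (anonymous && required.Count > 0)
                    verdict = "WARNING: public, [AllowAnonymous] cancels [" + string.Join("] [", required) + "]";
                else if (anonymous || required.Count == 0)
                    verdict = "public";
                else
                    verdict = "requires all of [" + string.Join("] [", required) + "]";

                yield return controller.FullName + "." + action.Name + ": " + verdict;
            }
        }
    }
}
```

Call it with the application's assembly, for example `AuthorizationAudit.Describe(typeof(Startup).Assembly)`, and fail a test or startup check if any line starts its verdict with WARNING. It inspects attributes only, so global filters or a fallback policy are not reflected in the output.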
