openid:创建基于声明的授权属性 [英] openid: create claim based authorization attribute

问题描述

我已经对我的api(web-api 2)实现了SSO，它可以正确验证令牌.但是现在我必须添加一个基于声明的授权属性.在访问令牌中，我有:

I have implemented SSO to my api (web-api 2) and it's validating correctly the token. But now I have to add a claim based authorization attribute. In the access token I have:

 "MyClaim.Read.All": "true"

我想实现以下目标:

[ClaimAuthorizationAttribute("MyClaim.Read.All")]
public sealed class MerchantProfileController : ApiController

因此，如果令牌不包含此声明，我将给出一个401错误.

So that if the token doesn't contain this claim, I would give a 401 error.

如何实现此目标，以便我可以将此属性用于我想要的任何索赔的控制器?

How to achieve this, so I can use this attribute to any controller I want with any claim?

推荐答案

所以我创建了一个授权属性:

So I've created an authorization attribute:

    [AttributeUsage(AttributeTargets.All)]
    public sealed class ClaimAuthorizationAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Gets or sets the claim to check in the web token
        /// </summary>
        public string Claim { get; set; }

        /// <inheritdoc/>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (actionContext == null)
            {
                throw new ArgumentNullException(nameof(actionContext));
            }

            var decoder = new JwtSecurityTokenHandler();

            var token = (JwtSecurityToken)decoder.ReadToken(actionContext.Request.Headers.Authorization.Parameter);

            return token.Claims.Any(c => c.Type.Equals(this.Claim) && c.Value.Equals("True", StringComparison.OrdinalIgnoreCase));
        }
    }

这里适用于控制器:

[ClaimAuthorization(Claim = "MyClaim.Read.All")]

这篇关于openid:创建基于声明的授权属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！