如何向RazorPages添加授权? [英] How to add authorization to RazorPages?
问题描述
我查看了当前的官方Microsoft文档并且找不到适当的方法来涵盖如何处理RazorPages的授权.
I have looked at the current official Microsoft Docs and was unable to find anything properly covering how to handle authorization for RazorPages.
我发现您可以像这样将AuthorizeAttribute
添加到PageModel
:
I figured out that you can add the AuthorizeAttribute
to the PageModel
like so:
// using Microsoft.AspNetCore.Authorization
[Authorize]
public class IndexModel : PageModel
{
...
}
我不想在每个页面上重复此操作.有更好的方法吗?
I don't want to repeat this for every page. Is there a better way?
推荐答案
您可以在ConfigureServices
方法下配置授权.这是一个示例:
You can configure authorization under the ConfigureServices
method. Here is an example :
services.AddMvc()
.AddRazorPagesOptions(options =>
{
options.Conventions.AuthorizeFolder("/MembersOnly");
options.Conventions.AuthorizePage("/Account/Logout");
options.Conventions.AuthorizeFolder("/Pages/Admin", "Admins"); // with policy
options.Conventions.AllowAnonymousToPage("/Pages/Admin/Login"); // excluded page
options.Conventions.AllowAnonymousToFolder("/Public"); // just for completeness
});
上面的示例是从示例在官方存储库中提供.
AuthrorizeFolder
将限制对整个文件夹的访问,而AuthorizePage
将根据单个页面来限制访问. AllowAnonymousToFolder
和AllowAnonymousToPage
与此相反.
The AuthrorizeFolder
will restrict access to the entire folder, whereas the AuthorizePage
would be restricting access based on the individual page. The AllowAnonymousToFolder
and AllowAnonymousToPage
doing the opposite, accordingly.
对于上述特定文档,到今天为止,该文档仍在完成中..但是,您可以阅读其进度并在此处进行跟踪 https://github.com/aspnet/Docs/issues/4281
For specific documentation on the above, as of today, the documentation is still being completed. However, you can read about the progress of it and track it here https://github.com/aspnet/Docs/issues/4281
这篇关于如何向RazorPages添加授权?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!