How to make a middleware that can call the database to check user claims to authorize a user in ASP.NET Core 2.2


Problem description

What is the best practice for making a middleware, or the proper way to implement middleware, in ASP.NET Core 2.2?

My scenario is: I have a web API built in ASP.NET Core 2.2, and I implement authorization in my controller with something like [Authorize(Policy = "UserDelete")], where UserDelete is a user claim. My problem is that a user can have many user claims, more or less up to 20 claims; if I save these claims in the JWT it can make the JWT large. All I want to do is to call the claims, or create a middleware that calls the database for these claims, so that all I need to save in the JWT is the user credentials.

Answer

All you need is to create an AuthorizationHandler; please follow these instructions: 1- Create a class and name it MinimumPermissionHandler or whatever. Copy and paste the following code into it:

using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Filters;

public class MinimumPermissionRequirement : IAuthorizationRequirement { }

public class MinimumPermissionHandler : AuthorizationHandler<MinimumPermissionRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MinimumPermissionRequirement requirement)
    {
        // In ASP.NET Core 2.2 MVC the resource passed to the handler is the
        // AuthorizationFilterContext of the current request; anything else is rejected.
        if (!(context.Resource is AuthorizationFilterContext filterContext))
        {
            context.Fail();
            return Task.CompletedTask;
        }

        // check if the token has a subject id ("sub"); without it there is no user to look up
        var subClaim = context.User?.Claims?.FirstOrDefault(c => c.Type == "sub");
        if (subClaim == null)
        {
            context.Fail();
            return Task.CompletedTask;
        }

        // check if the token is expired. "exp" is seconds since the Unix epoch; compare in UTC
        // so the result does not depend on the server's time zone, and reject an unparsable
        // value instead of throwing (which would turn a 403 into a 500).
        // Note: the JWT bearer middleware already enforces this when ValidateLifetime is on.
        var exp = context.User.Claims.FirstOrDefault(c => c.Type == "exp")?.Value;
        if (exp == null || !long.TryParse(exp, out var expSeconds)
            || DateTimeOffset.FromUnixTimeSeconds(expSeconds) < DateTimeOffset.UtcNow)
        {
            context.Fail();
            return Task.CompletedTask;
        }

        // other checkpoints
        // your db functions to check if the user (subClaim.Value) has the desired claims

        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

2- Define a policy and add the handler to services, so put these lines in your Startup class:

public void ConfigureServices(IServiceCollection services)
{
   //deleted extra lines for brevity 
   services.AddAuthorization(options =>
   {
      options.AddPolicy("AccessControl", policy =>
      {
           policy.RequireAuthenticatedUser();
           policy.AddRequirements(new MinimumPermissionRequirement());
      });
   });
   //injection: Scoped, so the handler can take a scoped DbContext in its constructor
   services.AddScoped<IAuthorizationHandler, MinimumPermissionHandler>();
}

3- Finally, to check access permission, just put this attribute above your controllers:

[Authorize(Policy = "AccessControl")]
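The answer above leaves the database lookup as a comment and uses one catch-all "AccessControl" policy. The following is an added example, not code from the answer or the question, showing how the same handler pattern can keep the controllers' existing `[Authorize(Policy = "UserDelete")]` attributes while looking each permission up per user in a store instead of carrying it in the JWT. `IUserPermissionStore`, `InMemoryPermissionStore`, `PermissionRequirement`, `PermissionHandler` and `AddPermissionPolicies` are all assumed names for illustration; the store's sample users and permissions are constructed data standing in for an EF Core query.

```csharp
// Added example (not the original answer's code): one requirement per permission name,
// resolved by a handler that queries a permission store for the caller's "sub".
// IUserPermissionStore and InMemoryPermissionStore are assumptions for illustration;
// replace the in-memory dictionary with a DbContext query in a real application.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Carries the permission name the policy demands, e.g. "UserDelete".
public class PermissionRequirement : IAuthorizationRequirement
{
    public string Permission { get; }
    public PermissionRequirement(string permission) => Permission = permission;
}

// Hypothetical abstraction over the user-permissions table.
public interface IUserPermissionStore
{
    Task<bool> HasPermissionAsync(string userId, string permission);
}

// In-memory stand-in for the database (constructed sample data).
public class InMemoryPermissionStore : IUserPermissionStore
{
    private readonly Dictionary<string, HashSet<string>> _permissions =
        new Dictionary<string, HashSet<string>>
        {
            ["user-1"] = new HashSet<string> { "UserRead", "UserDelete" },
            ["user-2"] = new HashSet<string> { "UserRead" },
        };

    public Task<bool> HasPermissionAsync(string userId, string permission) =>
        Task.FromResult(_permissions.TryGetValue(userId, out var set) && set.Contains(permission));
}

public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    private readonly IUserPermissionStore _store;

    // Registered as Scoped below, so a scoped DbContext could be injected the same way.
    public PermissionHandler(IUserPermissionStore store) => _store = store;

    protected override async Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        // The JWT only has to identify the user; signature and "exp" were already
        // validated by the JWT bearer middleware before any handler runs.
        // JwtBearer maps "sub" to ClaimTypes.NameIdentifier unless the default
        // inbound claim type map was cleared, so accept either claim type.
        var userId = context.User.FindFirst("sub")?.Value
                     ?? context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(userId))
        {
            context.Fail(); // an unidentified caller can never be authorized
            return;
        }

        if (await _store.HasPermissionAsync(userId, requirement.Permission))
        {
            context.Succeed(requirement);
        }
        // No Fail() here: leaving the requirement unmet still yields 403 unless
        // another handler for the same requirement succeeds.
    }
}

public static class PermissionPolicies
{
    // One named policy per permission, so controllers keep using
    // [Authorize(Policy = "UserDelete")] exactly as in the question.
    public static IServiceCollection AddPermissionPolicies(
        this IServiceCollection services, params string[] permissions)
    {
        services.AddAuthorization(options =>
        {
            foreach (var permission in permissions)
            {
                options.AddPolicy(permission, policy =>
                {
                    policy.RequireAuthenticatedUser();
                    policy.AddRequirements(new PermissionRequirement(permission));
                });
            }
        });
        services.AddScoped<IUserPermissionStore, InMemoryPermissionStore>();
        services.AddScoped<IAuthorizationHandler, PermissionHandler>();
        return services;
    }
}

// In Startup.ConfigureServices:
//   services.AddPermissionPolicies("UserRead", "UserDelete");
// With the sample data, a token whose sub is "user-1" passes [Authorize(Policy = "UserDelete")]
// and a token for "user-2" gets 403, without either token carrying a permission claim.
```

Because the handler is Scoped, the store is queried once per requirement per request; if a controller stacks several permission policies, cache the user's permission set on the request (for example in `HttpContext.Items` via `IHttpContextAccessor`) so that one database round trip serves all of them.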
