Reading the AuthorizationFilterContext in netcore api 3.1

Problem description

I have a working netcore 2.2 project where I have implemented a custom policy that checks for API Keys.

In the startup.cs I am adding this policy like this

//Add Key Policy
services.AddAuthorization(options =>
{
    options.AddPolicy("AppKey", policy => policy.Requirements.Add(new AppKeyRequirement()));
});

In my AppKeyRequirement I inherit from AuthorizationHandler and resolve the keys in the incoming requests like this

protected override Task HandleRequirementAsync(AuthorizationHandlerContext authContext, AppKeyRequirement requirement)
{
    // Works in 2.2, where Resource is the MVC AuthorizationFilterContext
    var authorizationFilterContext = (AuthorizationFilterContext)authContext.Resource;
    var query = authorizationFilterContext.HttpContext.Request.Query;

    if (query.ContainsKey("key") && query.ContainsKey("app"))
    {
        // Do stuff
    }

    return Task.CompletedTask;
}

This does not work in netcore 3.1

I am getting the following error:

Unable to cast object of type 'Microsoft.AspNetCore.Routing.RouteEndpoint' to type 'Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext'.

What is the correct way to do this in core 3 and above?

As pointed out by Kirk Larkin, the correct way in .net 3.0 and above is to inject IHttpContextAccessor into the Auth handler and use that.

My question at this point is how do I inject this? I can't pass this in startup.cs, or at least I am not seeing how.

Any ideas/hints will be much appreciated.

Recommended answer

ASP.NET Core 5.x

Based on the announcement for ASP.NET Core 5.0-preview7 onwards, the Resource property is set to the current HttpContext for the request (when using endpoint routing). This means the following example will work for ASP.NET Core 5.0 onwards, without the need for IHttpContextAccessor:

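using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

public class AppKeyAuthorizationHandler : AuthorizationHandler<AppKeyRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext authContext, AppKeyRequirement requirement)
    {
        // With endpoint routing on 5.0+, Resource is the current HttpContext
        var httpContext = authContext.Resource as HttpContext;
        if (httpContext == null)
        {
            // Resource was not an HttpContext: leave the requirement unmet
            return Task.CompletedTask;
        }

        var query = httpContext.Request.Query;

        if (query.ContainsKey("key") && query.ContainsKey("app"))
        {
            // ...
        }

        return Task.CompletedTask;
    }
}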

The RouteEndpoint is still available using httpContext.GetEndpoint().

In versions prior to ASP.NET Core 3.0, implementations of IAuthorizationHandler were called during the MVC pipeline. In 3.0 onwards, which uses endpoint-routing (by default), these implementations are called by the authorization middleware (UseAuthorization()). This middleware runs before the MVC pipeline, rather than as part of it.

This change means that AuthorizationFilterContext is no longer passed in to authorization handlers. Instead, it's an instance of RouteEndpoint, which doesn't provide access to the HttpContext.

In your example, you're only using AuthorizationFilterContext to get hold of HttpContext. In 3.0+, inject IHttpContextAccessor into your authorization handler and use that. Here's an example for completeness:

using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

public class AppKeyAuthorizationHandler : AuthorizationHandler<AppKeyRequirement>
{
    private readonly IHttpContextAccessor httpContextAccessor;

    // IHttpContextAccessor is supplied by the DI container
    public AppKeyAuthorizationHandler(IHttpContextAccessor httpContextAccessor)
    {
        this.httpContextAccessor = httpContextAccessor;
    }

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext authContext, AppKeyRequirement requirement)
    {
        var httpContext = httpContextAccessor.HttpContext;
        var query = httpContext.Request.Query;

        if (query.ContainsKey("key") && query.ContainsKey("app"))
        {
            // ...
        }

        return Task.CompletedTask;
    }
}

You might also need to register IHttpContextAccessor in ConfigureServices:

services.AddHttpContextAccessor();

See Use HttpContext from custom components for more information about using IHttpContextAccessor.
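
The wiring the question asks about, as an added example (not code from the question or the answer): one handler that works on both 3.x and 5.0+, is resolved through dependency injection, and leaves the requirement unmet when no request context is available. The key store passed to the constructor and its registration are hypothetical, and the fixed-time comparison is an addition the answer does not discuss.

```csharp
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

public class AppKeyRequirement : IAuthorizationRequirement { }

public class AppKeyAuthorizationHandler : AuthorizationHandler<AppKeyRequirement>
{
    private readonly IHttpContextAccessor accessor;
    // Hypothetical key store (app name -> key); load real values from a secret store
    private readonly IReadOnlyDictionary<string, string> keys;

    public AppKeyAuthorizationHandler(
        IHttpContextAccessor accessor, IReadOnlyDictionary<string, string> keys)
    {
        this.accessor = accessor;
        this.keys = keys;
    }

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext authContext, AppKeyRequirement requirement)
    {
        // 5.0+: Resource is the HttpContext. 3.x: it is a RouteEndpoint, so use the accessor.
        var httpContext = (authContext.Resource as HttpContext) ?? accessor.HttpContext;
        if (httpContext == null)
            return Task.CompletedTask; // no request context: requirement stays unmet

        string app = httpContext.Request.Query["app"];
        string key = httpContext.Request.Query["key"];
        if (!string.IsNullOrEmpty(app) && !string.IsNullOrEmpty(key)
            && keys.TryGetValue(app, out var expected)
            && CryptographicOperations.FixedTimeEquals(
                   Encoding.UTF8.GetBytes(key), Encoding.UTF8.GetBytes(expected)))
        {
            authContext.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

// Registration in Startup.ConfigureServices (key store values are placeholders):
//   services.AddHttpContextAccessor();
//   services.AddSingleton<IReadOnlyDictionary<string, string>>(
//       new Dictionary<string, string> { ["placeholder-app"] = "placeholder-key" });
//   services.AddSingleton<IAuthorizationHandler, AppKeyAuthorizationHandler>();
//   services.AddAuthorization(o => o.AddPolicy("AppKey", p => p.Requirements.Add(new AppKeyRequirement())));
```

Because the handler is registered as an IAuthorizationHandler, the container constructs it and supplies IHttpContextAccessor; nothing has to be passed by hand in startup.cs.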
