.NET Core覆盖控制器级别的特定操作的Authorize属性 [英] .NET Core override controller level Authorize attribute for a specific action

问题描述

这是一个解释此情况的示例控制器

Here is an example controller to explain the case

[Authorize]
public class AccountController : ControllerBase
{
    [AllowAnonymous]
    [Authorize(Policy = "SpecificPolicy")]
    public string MethodA() {}

    public string MethodB() {}
}

• 方法A仅应通过"SpecificPolicy"进行授权.
• 方法B应通过授权"属性进行授权

我遇到的问题是，如果我删除AllowAnonymous属性，则控制器上的Authorize优先于MethodA不需要的优先级.

The issue I'm having is that if I remove the AllowAnonymous attribute then Authorize on the controller takes precedence which I don't want for MethodA.

当我为MethodA保留AllowAnonymous时，将忽略Authorize(Policy ="SpecificPolicy").

When I keep AllowAnonymous for MethodA then Authorize(Policy = "SpecificPolicy") is ignored.

推荐答案

当我为MethodA保留AllowAnonymous时，将忽略Authorize(Policy ="SpecificPolicy").

When I keep AllowAnonymous for MethodA then Authorize(Policy = "SpecificPolicy") is ignored.

[AllowAnonymous] 绕过所有其他授权属性.当您同时将其与其他授权属性一起使用时，所有其他属性将被忽略，甚至其他属性也是更特定的方法级别.

[AllowAnonymous] bypasses all other authorization attributes. When you have it with other authorize attributes at the same time, all other attributes are ignored, even other attributes are the-more-specific method level.

例如:

[AllowAnonymous]
public class DashboardController : Controller
{
    [Authorize]
    public IActionResult Index()
    {
        return View();
    }
}

/dashboard 将打开/公开.

我遇到的问题是，如果我删除AllowAnonymous属性，则控制器上的Authorize优先于MethodA不需要的优先级.

The issue I'm having is that if I remove the AllowAnonymous attribute then Authorize on the controller takes precedence which I don't want for MethodA.

当您具有多个授权属性时，必须先满足所有条件，然后才能调用该方法.对于您来说， [Authorize] 和 [Authorize(Policy ="SpecificPolicy")] 都必须在授予访问权限之前通过.

When you have multiple authorize attributes, all of them need to be satisfied before you can make the call to the method. In your case, both [Authorize] and [Authorize(Policy = "SpecificPolicy")] must pass before access is granted.

如果您不希望 [Authorize] 优先，则只能将其应用于方法B:

If you don't want [Authorize] to take the precedence, you can only apply it to method B:

public class AccountController : ControllerBase
{
    [Authorize(Policy = "SpecificPolicy")]
    public string MethodA() {}

    [Authorize]
    public string MethodB() {}
}

我想避免在操作上放置特定的[Authorize]属性，因为该Controller有很多操作，但是一个具有自己的授权规则的操作.

I want to avoid putting specific [Authorize] attributes on actions since that Controller has lots of actions but a single action that has it's own authorize rule.

那么这可能是您将MethodA划分为 Areas (区域)的好时机.

Then this might be good time for you to separate MethodA into Areas.

例如:

您的 AccountController 上仍然具有 [Authorize] ，但是只需取出MethodA:

You still have [Authorize] on your AccountController, but just take out the MethodA:

[Authorize]
public class AccountController : ControllerBase
{
    public string MethodB() {}
}

然后为MethodA创建一个区域:

Then you create an Area for MethodA:

[Area("specific")]
[Authorize(Policy = "SpecificPolicy")]
public abstract class SpecificControllerBase : ControllerBase
{ }

public class AccountController : SpecificationControllerBase
{
    public string MethodA() {}
}

最后，您需要在 Startup.cs 中注册区域路由:

Lastly you need to register the area route in your Startup.cs:

app.UseMvc(routes =>
{
    ...

    routes.MapRoute(
        name: "areaRoute",
        template: "{area:exists}/{controller=dashboard}/{action=index}/{id?}");

    routes.MapRoute(
        name: "default",
        template: "{controller=home}/{action=index}/{id?}");
});

这篇关于.NET Core覆盖控制器级别的特定操作的Authorize属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！