任何方式在.NET 1.0的核心MVC以便使用授权策略? [英] Any way to use Authorization Policies in a view in .NET Core 1.0 MVC?
问题描述
,你可以写 [授权(policyName)]
没有问题,但有没有办法在一个视图中使用的策略?我宁可不使用 User.IsInRole(...)
每一次我想要批准一些HTML。
编辑:
下面是一些code
Startup.cs - 政策声明
services.AddAuthorization(选项=>
{
options.AddPolicy(testPolicy,政策= GT;
{
policy.RequireAuthenticatedUser()
.RequireRole(RoleOne,RoleTwo,RoleThree)
.RequireClaim(ClaimTypes.Email);
});
});
管理器
[授权(testPolicy)]
公共类AdminController:控制器
{
公共IActionResult指数()
{
返回查看();
}
}
导航栏HTML
< DIV CLASS =导航栏导航栏,导航栏逆固定顶>
< DIV CLASS =容器>
< DIV CLASS =Navbar的垮垮>
< UL类=NAV导航栏,导航>
<立GT;< ASP一个控制器=家ASP-行动=指数>家庭和LT; / A>< /李> <! - 我想在这里实现我的政策。 - >
@if(User.IsInRole(...))
{
<立GT;< ASP一个控制器=管理ASP-行动=指数>联系< / A>< /李>
}
< / UL>
@await Html.PartialAsync(_ LoginPartial)
< / DIV>
< / DIV>
我发现这个链接,可能会有所帮助:的 https://docs.asp.net/en/latest/security/authorization/views.html
从该页面的例子:
@if(等待AuthorizationService.AuthorizeAsync(用户,PolicyName))
{
< P>的显示这一段,因为你满足PolicyName< / P>
}
在某些情况下,资源将是您的视图模型,你可以调用AuthorizeAsync在完全相同的方式,你会以资源为基础的授权过程中检查;
块引用>@if(等待AuthorizationService.AuthorizeAsync(用户,模型,Operations.Edit))
{
< P><一类=BTN BTN-默认的角色=按钮
HREF =@ Url.Action(编辑,一号文件,新{ID = Model.Id})>编辑< / A>< / P>
}我强烈建议其他的简短教程在那里,以及对.NET的核心。
I know in controllers, you can write
[Authorize("policyName")]
without an issue, but is there any way to use a policy in a view? I'd rather not useUser.IsInRole(...)
every single time I want to authorize some HTML.Edit:
Here's some code
Startup.cs -- Policy Declaration
services.AddAuthorization(options => { options.AddPolicy("testPolicy", policy => { policy.RequireAuthenticatedUser() .RequireRole("RoleOne", "RoleTwo", "RoleThree") .RequireClaim(ClaimTypes.Email); }); });
Admin Controller
[Authorize("testPolicy")] public class AdminController : Controller { public IActionResult Index() { return View(); } }
Navbar HTML
<div class="navbar navbar-inverse navbar-fixed-top"> <div class="container"> <div class="navbar-collapse collapse"> <ul class="nav navbar-nav"> <li><a asp-controller="Home" asp-action="Index">Home</a></li> <!-- I want to implement my policy here. --> @if (User.IsInRole("...")) { <li><a asp-controller="Admin" asp-action="Index">Admin</a></li> } </ul> @await Html.PartialAsync("_LoginPartial") </div> </div>
解决方案I found this link which may be helpful: https://docs.asp.net/en/latest/security/authorization/views.html
Examples from that page:
@if (await AuthorizationService.AuthorizeAsync(User, "PolicyName")) { <p>This paragraph is displayed because you fulfilled PolicyName.</p> }
In some cases the resource will be your view model, and you can call AuthorizeAsync in exactly the same way as you would check during resource based authorization;
@if (await AuthorizationService.AuthorizeAsync(User, Model, Operations.Edit)) { <p><a class="btn btn-default" role="button" href="@Url.Action("Edit", "Document", new {id= Model.Id})">Edit</a></p> }
I highly recommend the other short tutorials on there as well for .NET Core.
这篇关于任何方式在.NET 1.0的核心MVC以便使用授权策略?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!