ASP.NET 5 针对两个或多个策略进行授权(OR 组合策略) [英] ASP.NET 5 Authorize against two or more policies (OR-combined policy)

问题描述

是否可以针对两个或多个政策应用授权?我使用的是 ASP.NET 5，rc1.

Is it possible to apply authorization against two or more policies? I am using ASP.NET 5, rc1.

[Authorize(Policy = "Limited,Full")]
public class FooBarController : Controller
{
    // This code doesn't work
}

如果没有，我如何在不使用政策的情况下实现这一目标?有两组用户可以访问此控制器:完整"和受限".用户可能属于Full"或Limited"，或两者都属于.他们只需要属于这两个组之一即可访问此控制器.

If not, how may I achieve this without using policies? There are two groups of users that may access this controller: "Full" and "Limited". Users may either belong to "Full" or "Limited", or both. They only require to belong to one of the two groups in order to access this controller.

推荐答案

不是你想要的方式；政策旨在累积.例如，如果您使用两个单独的属性，则它们都必须通过.

Not the way you want; policies are designed to be cumulative. For example if you use two separate attributes then they must both pass.

您必须在单个策略中评估 OR 条件.但是您不必在单个处理程序中将其编码为 OR.您可以有一个具有多个处理程序的需求.如果任一处理程序标记成功，则满足要求.请参阅我的授权研讨会中的第 6 步.

You have to evaluate OR conditions within a single policy. But you don't have to code it as ORs within a single handler. You can have a requirement which has more than one handler. If either of the handlers flag success then the requirement is fulfilled. See Step 6 in my Authorization Workshop.

这篇关于ASP.NET 5 针对两个或多个策略进行授权(OR 组合策略)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！