如何在.net核心2.0中做简单的头文件授权？ [英] How to do simple header authorization in .net core 2.0?

问题描述

我有这样的cookie授权：

  services.AddAuthentication（ExampleCookieAuthenticationScheme）
 .AddCookie（ExampleCookieAuthenticationScheme，options => {
 options.AccessDeniedPath =/ Account / Forbidden /; 
 options.LoginPath =/ Account / Login /; 
}）; 
  

对于我的控制器的另一部分，我想简单地根据一个简单的头文件授权
在我找到的例子中，我无法获取标题，或者它们仅用于facebook，google，cookies等。

我添加了一个在.Net core 2.0中执行简单的头部检查的授权？

解决方案

可以使用简单的授权检查一个定制的中间件，但如果需要为选定的控制器或操作方法应用定制中间件，则可以使用中间件过滤器。

中间件及其应用程序构建器扩展：

  public class SimpleHeaderAuthorizationMiddleware 
 {
 private readonly RequestDelegate _next; 
 
 public SimpleHeaderAuthorizationMiddleware （RequestDelegate next）
 {
 _next = next; 
} 
 
 public a sync Task Invoke（HttpContext context）{
 
 string authHeader = context.Request.Headers [Authorization]; 
 if（！string.IsNullOrEmpty（authHeader））
 {
 // TODO 
 //从authHeader提取凭证并进行一些排序或验证
 bool isHeaderValid = ValidateCredentials （）; 
 if（isHeaderValid）{
 await _next.Invoke（context）; 
 return; 
} 
 
} 
 
 //拒绝请求，如果没有授权头或者它是无效的
 context.Response.StatusCode = 401; 
等待context.Response.WriteAsync（未授权）; 
 
 
 
 
 public static class SimpleHeaderAuthorizationMiddlewareExtension 
 {
 public static IApplicationBuilder UseSimpleHeaderAuthorization（this IApplicationBuilder app）
 {
 if（app == null）
 {
 throw new ArgumentNullException（nameof（app））; 
} 
 
返回app.UseMiddleware< SimpleHeaderAuthorizationMiddleware>（）; 
 
 
 $ / code> 

为了将中间件用作过滤器，您需要使用 Configure 方法创建一个类型，该方法指定要使用的中间件管道。



  public class SimpleHeaderAuthorizationPipeline 
 {
 public void Configure（IApplicationBuilder applicationBuilder）{
 applicationBuilder.UseSimpleHeaderAuthorization（）; 
 
 
 
 
 
 
 $ b现在你可以在特定的控制器中使用上述类型，或者这样的行为方法：
 $ b $ pre $  [MiddlewareFilter（typeof（SimpleHeaderAuthorizationPipeline））] 
 public class ValuesController：Controller 
 {
} 
  




I have been unable to find information on this particular issue after the 2.0 changes to .NET Core.

I have cookie authorization like this:

services.AddAuthentication("ExampleCookieAuthenticationScheme")
    .AddCookie("ExampleCookieAuthenticationScheme", options => {
         options.AccessDeniedPath = "/Account/Forbidden/";
             options.LoginPath = "/Account/Login/";
});

For another part (of my controllers I would like to simply authorize based on a simple header. In the examples I've found, either I am unable to get the headers, or they have been made only for facebook, google, cookies etc.

How do I add an authorization that performs a simple header check in .Net core 2.0?

解决方案

It is possible to perform simple authorization check using a custom middleware. But if it is required to apply the custom middleware for selected controllers or action methods, you can use Middleware filter.

Middleware and its app builder extension:

public class SimpleHeaderAuthorizationMiddleware
    {
        private readonly RequestDelegate _next;

        public SimpleHeaderAuthorizationMiddleware(RequestDelegate next)
        {
            _next = next;
        }

        public async Task Invoke(HttpContext context){ 

            string authHeader = context.Request.Headers["Authorization"];
            if(!string.IsNullOrEmpty(authHeader))
            {
                //TODO
                //extract credentials from authHeader and do some sort or validation
                bool isHeaderValid =  ValidateCredentials();
                if(isHeaderValid){
                    await _next.Invoke(context);
                    return;
                }

            }

            //Reject request if there is no authorization header or if it is not valid
            context.Response.StatusCode = 401; 
            await context.Response.WriteAsync("Unauthorized");

        }

    }

public static class SimpleHeaderAuthorizationMiddlewareExtension
    {
        public static IApplicationBuilder UseSimpleHeaderAuthorization(this IApplicationBuilder app)
        {
            if (app == null)
            {
                throw new ArgumentNullException(nameof(app));
            }

            return app.UseMiddleware<SimpleHeaderAuthorizationMiddleware>();
        }
    }

In order to use middleware as a filter, you need to create a type with Configure method that specifies the middleware pipeline that you want to use.

public class SimpleHeaderAuthorizationPipeline
    {
        public void Configure(IApplicationBuilder applicationBuilder){
            applicationBuilder.UseSimpleHeaderAuthorization();
        }
    }

Now you can use the above type in specific controller or action methods like this:

[MiddlewareFilter(typeof(SimpleHeaderAuthorizationPipeline))]
public class ValuesController : Controller
{
}

这篇关于如何在.net核心2.0中做简单的头文件授权？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！