如何在.net核心2.0中做简单的头文件授权? [英] How to do simple header authorization in .net core 2.0?
问题描述
我有这样的cookie授权:
services.AddAuthentication(ExampleCookieAuthenticationScheme)
.AddCookie(ExampleCookieAuthenticationScheme,options => {
options.AccessDeniedPath =/ Account / Forbidden /;
options.LoginPath =/ Account / Login /;
});
对于我的控制器的另一部分,我想简单地根据一个简单的头文件授权
在我找到的例子中,我无法获取标题,或者它们仅用于facebook,google,cookies等。
我添加了一个在.Net core 2.0中执行简单的头部检查的授权?
可以使用简单的授权检查一个定制的中间件,但如果需要为选定的控制器或操作方法应用定制中间件,则可以使用中间件过滤器。
中间件及其应用程序构建器扩展:
public class SimpleHeaderAuthorizationMiddleware
{
private readonly RequestDelegate _next;
public SimpleHeaderAuthorizationMiddleware (RequestDelegate next)
{
_next = next;
}
public a sync Task Invoke(HttpContext context){
string authHeader = context.Request.Headers [Authorization];
if(!string.IsNullOrEmpty(authHeader))
{
// TODO
//从authHeader提取凭证并进行一些排序或验证
bool isHeaderValid = ValidateCredentials ();
if(isHeaderValid){
await _next.Invoke(context);
return;
}
}
//拒绝请求,如果没有授权头或者它是无效的
context.Response.StatusCode = 401;
等待context.Response.WriteAsync(未授权);
public static class SimpleHeaderAuthorizationMiddlewareExtension
{
public static IApplicationBuilder UseSimpleHeaderAuthorization(this IApplicationBuilder app)
{
if(app == null)
{
throw new ArgumentNullException(nameof(app));
}
返回app.UseMiddleware< SimpleHeaderAuthorizationMiddleware>();
$ / code>
为了将中间件用作过滤器,您需要使用 Configure
方法创建一个类型,该方法指定要使用的中间件管道。
public class SimpleHeaderAuthorizationPipeline
{
public void Configure(IApplicationBuilder applicationBuilder){
applicationBuilder.UseSimpleHeaderAuthorization();
$ b现在你可以在特定的控制器中使用上述类型,或者这样的行为方法:
$ b $ pre $ [MiddlewareFilter(typeof(SimpleHeaderAuthorizationPipeline))]
public class ValuesController:Controller
{
}
I have been unable to find information on this particular issue after the 2.0 changes to .NET Core.
I have cookie authorization like this:
services.AddAuthentication("ExampleCookieAuthenticationScheme")
.AddCookie("ExampleCookieAuthenticationScheme", options => {
options.AccessDeniedPath = "/Account/Forbidden/";
options.LoginPath = "/Account/Login/";
});
For another part (of my controllers I would like to simply authorize based on a simple header. In the examples I've found, either I am unable to get the headers, or they have been made only for facebook, google, cookies etc.
How do I add an authorization that performs a simple header check in .Net core 2.0?
It is possible to perform simple authorization check using a custom middleware. But if it is required to apply the custom middleware for selected controllers or action methods, you can use Middleware filter.
Middleware and its app builder extension:
public class SimpleHeaderAuthorizationMiddleware
{
private readonly RequestDelegate _next;
public SimpleHeaderAuthorizationMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context){
string authHeader = context.Request.Headers["Authorization"];
if(!string.IsNullOrEmpty(authHeader))
{
//TODO
//extract credentials from authHeader and do some sort or validation
bool isHeaderValid = ValidateCredentials();
if(isHeaderValid){
await _next.Invoke(context);
return;
}
}
//Reject request if there is no authorization header or if it is not valid
context.Response.StatusCode = 401;
await context.Response.WriteAsync("Unauthorized");
}
}
public static class SimpleHeaderAuthorizationMiddlewareExtension
{
public static IApplicationBuilder UseSimpleHeaderAuthorization(this IApplicationBuilder app)
{
if (app == null)
{
throw new ArgumentNullException(nameof(app));
}
return app.UseMiddleware<SimpleHeaderAuthorizationMiddleware>();
}
}
In order to use middleware as a filter, you need to create a type with Configure
method that specifies the middleware pipeline that you want to use.
public class SimpleHeaderAuthorizationPipeline
{
public void Configure(IApplicationBuilder applicationBuilder){
applicationBuilder.UseSimpleHeaderAuthorization();
}
}
Now you can use the above type in specific controller or action methods like this:
[MiddlewareFilter(typeof(SimpleHeaderAuthorizationPipeline))]
public class ValuesController : Controller
{
}
这篇关于如何在.net核心2.0中做简单的头文件授权?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!