PermissionRequirement
public class PermissionRequirement : AuthorizationHandler<PermissionRequirement>, IAuthorizationRequirement
{
public string PermissionName { get; set; }
public PermissionRequirement(string permissionName)
{
PermissionName = permissionName;
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
// 獲取使用者許可權
var userPermissions = PermissionService.GetPermissions(context.User.Identity?.Name);
if (userPermissions != null && userPermissions.Contains(requirement.PermissionName))
{
context.Succeed(requirement);
}
}
}
PermissionAuthorizationPolicyProvider
public class PermissionAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider, IAuthorizationPolicyProvider
{
public PermissionAuthorizationPolicyProvider(IOptions<AuthorizationOptions> options) : base(options)
{
}
public override async Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
{
var policy = await base.GetPolicyAsync(policyName);
if (policy != null)
{
return policy;
}
var builder = new AuthorizationPolicyBuilder();
builder.AddRequirements(new PermissionRequirement(policyName));
return builder.Build();
}
}
PermissionService
public class PermissionService
{
public static List<string> GetPermissions(string? name)
{
return new List<string>
{
"auth1",
"auth2",
};
}
}
使用
builder.Services.AddTransient<IAuthorizationPolicyProvider, PermissionAuthorizationPolicyProvider>();
[Authorize("auth1")]
public IActionResult Privacy()
{
return View();
}