目前我有一个简单的自定义策略处理程序,如下所示:
protected override void Handle(AuthorizationContext context, UserPolicyRequirement requirement)
{
// authorize user against policy requirements
if (_authorizationTask.AuthorizeUserAgainstPolicy(context.User, requirement))
{
// User passed policy req's
context.Succeed(requirement);
}
}
问题是,此授权步骤需要很长时间才能执行,但这在网站的许多不同区域都是必需的。是否存在任何可用的机制来保存/缓存此策略授权的结果,以便每次会话只需执行一次此操作?
我目前正在使用Windows身份验证,如果有帮助的话。
答案 0 :(得分:2)
如果per session方式不会导致任何问题,您可以使用Session来存储用户数据。简单的实现如下所示:
首先,您需要一项服务来从任何商店获取用户数据
public interface IGetUserDataService
{
<type> GetUserData();
}
我假设Session配置(see)和IGetUserDataService实施。
然后,您需要创建一个middleware来处理Session
public class SessionMiddleware
{
private readonly RequestDelegate _next;
private readonly IGetUserDataService _getUserDataService;
public SessionMiddleware(RequestDelegate next, IGetUserDataService getUserDataService)
{
_next = next;
_getUserDataService = getUserDataService;
}
public async Task Invoke(HttpContext context)
{
//user data is obtained only once then is stored in Session
if (context.Session.Get("UserData") == null)
{
context.Session.Set("UserData", getUserDataService.GetData());
}
await _next.Invoke(context);
}
}
//In Startup.cs
app.UseMiddleware<SessionMiddleware>();
最后在处理程序
中获取并使用会话数据public class YourHandler : AuthorizationHandler<YourRequirement>
{
private readonly IHttpContextAccessor _accessor;
public YourHandler(IHttpContextAccessor accessor)
{
_accessor = accessor;
}
protected override void Handle(AuthorizationContext context, PermissionRequirement requirement)
{
var userData =(<type>)_accessor.HttpContext.Session.Get("UserData");
// check
}
}