如何从authrizationhandler .net核心获取params

时间:2016-09-20 08:48:02

标签: c# asp.net-core .net-core

我正在使用授权处理程序将自定义授权放在.net核心的控制器中。如何从控制器获取参数并将其用于授权处理程序。

在旧的.net中,我可以像这样从

获取Httpcontext请求参数中的参数 
var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];

我不确定如何才能在.net core

中实现它 
enter code here

public class HasAdminRoleFromAnySiteRequirement : AuthorizationHandler<HasAdminRoleFromAnySiteRequirement>, IAuthorizationRequirement
{

    public HasAdminRoleFromAnySiteRequirement()
    {

    }
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        HasAdminRoleFromAnySiteRequirement requirement)
    {   

    //need to call get param from controller to used in the validation
    // something like this 
    //var eventId = filterContext.RequestContext.HttpContext.Request.Params["id"];
   // I tried the suggestion below but I can't get the parameter from routedata
   // var mvcContext = context.Resource as     Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;            

        return Task.FromResult(0);
    }
}

5 个答案:

答案 0 :(得分:13)

在您的处理程序中,您可以执行以下操作

public class DocumentController : Controller
{
    IAuthorizationService _authorizationService;

    public DocumentController(IAuthorizationService authorizationService)
    {
        _authorizationService = authorizationService;
    }
}

如果需要参数值,则在绑定发生之前运行授权属性片段。相反,你会转移到控制器内的强制调用。这基本上是resource based authorization,您的参数是资源。

您可以将授权服务注入您的控制器; 

public class DocumentAuthorizationHandler : AuthorizationHandler<MyRequirement, Document>
{
    public override Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                MyRequirement requirement,
                                                Document resource)
    {
        // Validate the requirement against the resource and identity.

        return Task.CompletedTask;
    }
}

然后稍微改写你的处理程序; 

if (await authorizationService.AuthorizeAsync(
    User, 
    document,     
    yourRequirement))
{
}

你可以看到这个处理程序获取一个文档,这可以是你喜欢的任何文件,无论是ID的整数,还是某种类型的视图模型。

然后您可以在HandleRequirementAsync()方法中访问它。

最后,一旦发生绑定,你就会在控制器内调用它; 

 /**
 * @Route("/login", name="login")
 */
public function loginAction(Request $request)
{
    $session = new Session();
    if ($request->getMethod() == 'POST') {
        $userData = $request->request->all();
        $newUser = new User();

        $foundUser = $this->getDoctrine()->getRepository('CmsUserBundle:User')->loadUsername($userData['username']);

        if ($foundUser != null) {
            $encodedPassword = md5($this->get('security.password_encoder')->encodePassword($newUser, $foundUser->getSalt()));
            if ($encodedPassword == $foundUser->getPassword() && $foundUser->getIsActive() == true) {
                $role =  $this->getDoctrine()->getRepository('CmsUserBundle:Role')->findBy(array('id' => $foundUser->getRoles()))[0];

                if($role->getIsActive() === TRUE) {
                    $token = new UsernamePasswordToken($foundUser, $foundUser->getPassword(), 'default', array($role->getRole()) );
                    $this->get('security.token_storage')->setToken($token);
                    $session->getFlashBag()->add('success', 'Pomyślnie zalogowano');
                    return $this->redirect($this->generateUrl('index'));
                }
                $session->getFlashBag()->add('success', 'Role access can recent disbaled');
            } else {
                $session->getFlashBag()->add('success', 'Invalid password or login');
            }
        } else {
            $session->getFlashBag()->add('success', 'Bad data');
        }
    }
    return $this->render('CmsUserBundle:Default:login.html.twig',
        array(
            'sessions' => $session->getFlashBag()->get('success'),
        )
    );
}

答案 1 :(得分:11)

在启用了终结点路由的ASP.NET Core 3.0中,您可以获得这样的路由参数值:

public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    public MyRequirementHandler(IHttpContextAccessor httpContextAccessor)
    {
       _httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
    }

    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
    {
        var routeData = _httpContextAccessor.HttpContext.GetRouteData();

        var areaName = routeData?.Values["area"]?.ToString();
        var area = string.IsNullOrWhiteSpace(areaName) ? string.Empty : areaName;

        var controllerName = routeData?.Values["controller"]?.ToString();
        var controller = string.IsNullOrWhiteSpace(controllerName) ? string.Empty : controllerName;

        var actionName = routeData?.Values["action"]?.ToString();
        var action = string.IsNullOrWhiteSpace(actionName) ? string.Empty : actionName;

        //...
    }
}

答案 2 :(得分:5)

在ASP.NET Core 2.2中,您可以获得如下所示的路由参数值:

public class MyRequirementHandler : AuthorizationHandler<MyRequirement>
{
    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MyRequirement requirement)
    {
        var authContext = (AuthorizationFilterContext)context.Resource;
        var routeValueOfX = authContext.HttpContext.GetRouteValue("X");
        .
        .
        .
    }
}

答案 3 :(得分:1)

为了将来参考,从 .NET Core 5.0 开始,现在传递 HttpContext,因此您可以执行以下操作:

if (context.Resource is HttpContext httpContext)
{
   var value = httpContext.GetRouteValue("key");
}

答案 4 :(得分:0)

您可以非常轻松地直接从处理程序访问参数。现在,我确定think是否适用于早期版本的核心(如果可以的话,你应该更新核心),但是在核心2.0及更高版本中,你可以将context.Resource强制转换为AuthorizationFilterContextHandleRequirementAsync方法中如此

if(context.Resource is AuthorizationFilterContext mvcContext)
{
   //do stuff to the mvcContext
}

然后,您可以访问这样的参数

var value = mvcContext.HttpContext.Request.Query[key].FirstOrDefault();

其中key是您要查找的参数名称。

或者您可以像这样解析查询字符串

var queryString = mvcContext.HttpContext.Request.QueryString.ToString()
var foo = HttpUtility.ParseQueryString(queryString);   
var value = foo[key]

再次,key是您要查找的参数名称。

相关问题
最新问题