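I want to implement policies in my web application, because certain users may have certain claims. For example, the users' roles will be the same but their claims will differ.
User 1
User 2
Role = "Support"
Claims = "AddSupport"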
Startup.cs
public void Configuration(IAppBuilder app)
{
    IServiceCollection services = new ServiceCollection();
    ConfigureAuth(app);
    ConfigureServices(services);
}

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc();
    services.AddAuthorization(options =>
    {
        options.AddPolicy("DeleteSupport", policy => policy.RequireClaim("DeleteSupport"));
    });
}
Controller
[Microsoft.AspNetCore.Authorization.Authorize(Policy = "DeleteSupport")]
public class SupportController : Controller
{
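However, users without the "DeleteSupport" claim can still access SupportController. My current setup runs OWIN, in case that might be causing the problem. The solution runs without errors; is it possible to debug the policy?
Update
Tried in AddMvc()
var policy = new AuthorizationPolicyBuilder()
    .RequireAuthenticatedUser()
    .Build();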
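
An added example, not part of the original post: one way to debug the policy itself is to evaluate it outside the request pipeline against constructed principals. It assumes Microsoft.AspNetCore.Authorization 2.1 or later (for AddAuthorizationCore) plus Microsoft.Extensions.Logging; the PolicyProbe class, the "TestAuth" scheme name and the sample users are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper: evaluates the post's "DeleteSupport" policy directly.
public static class PolicyProbe
{
    public static IAuthorizationService BuildService()
    {
        var services = new ServiceCollection();
        services.AddOptions();   // options infrastructure for AuthorizationOptions
        services.AddLogging();   // DefaultAuthorizationService takes an ILogger
        services.AddAuthorizationCore(options =>
        {
            // Same policy definition as in the post's ConfigureServices.
            options.AddPolicy("DeleteSupport", policy => policy.RequireClaim("DeleteSupport"));
        });
        return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
    }

    // Constructed principal: authenticated, role "Support", plus the given claim types.
    public static ClaimsPrincipal MakeUser(params string[] claimTypes)
    {
        var identity = new ClaimsIdentity("TestAuth"); // non-null auth type => IsAuthenticated
        identity.AddClaim(new Claim(ClaimTypes.Role, "Support"));
        foreach (var type in claimTypes)
            identity.AddClaim(new Claim(type, "true")); // constructed claim value
        return new ClaimsPrincipal(identity);
    }

    public static async Task<bool> IsAllowedAsync(IAuthorizationService auth, ClaimsPrincipal user)
    {
        AuthorizationResult result = await auth.AuthorizeAsync(user, "DeleteSupport");
        return result.Succeeded;
    }

    public static async Task Main()
    {
        var auth = BuildService();
        Console.WriteLine(await IsAllowedAsync(auth, MakeUser("AddSupport")));
        Console.WriteLine(await IsAllowedAsync(auth, MakeUser("DeleteSupport")));
    }
}
```

If the probe denies a user whom the controller still admits, the policy definition is behaving as written and the attribute is not being enforced by the hosting pipeline.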