我有一个政策允许某些类型的用户上传文档,让我们说UserA和UserB
[HttpPost]
[Authorize(Policy = Policy.Upload)]
public async Task<IActionResult> Upload([FromBody] DocumentUploadRequest request)
在我的设置中我做了:
services.AddSingleton<IAuthorizationHandler, UserAHandler>();
services.AddSingleton<IAuthorizationHandler, UserBHandler>();
services.AddAuthorization(options =>
{
options.AddPolicy(Policy.Upload, policy => policy
.RequireScope("scope", Scope.UserA)
.Requirements
.Add(new UserARequirement()));
options.AddPolicy(Policy.Upload, policy => policy
.RequireScope("scope", Scope.UserB)
.Requirements
.Add(new UserBRequirement()));
});
这不起作用,因为当我使用Scope&#34; UserA&#34;调用处理程序时,它将运行UserBHandler并失败,因为UserA不满足UserB要求。
我不知道如何实现这一点。我希望1个策略对每个范围有不同的要求。
有什么想法吗?