我正在使用Claims在ASP.NET Core中开发自己的项目,并参考了以下文章:http://blog.geveo.com/Claim-based-authorization-ASP-core
在步骤05中,我们从Permissions的位置很难理解,因为它在任何地方都没有定义。有什么想法吗?
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyTypes.Teams.Manage, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.Manage);
});
options.AddPolicy(PolicyTypes.Teams.AddRemove, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Teams.AddRemove);
});
options.AddPolicy(PolicyTypes.Users.Manage, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.Add);
});
options.AddPolicy(PolicyTypes.Users.EditRole, policy => {
policy.RequireClaim(CustomClaimTypes.Permission, Permissions.Users.EditRole);
});
}
答案 0 :(得分:3)
该博客文章的第2步缺少一个同时包装Users和Teams类的类。它应该看起来像这样:
public static class Permissions
{
public static class Users
{
public const string Add = "users.add";
public const string Edit = "users.edit";
public const string EditRole = "users.edit.role";
}
public static class Teams
{
public const string AddRemove = "teams.addremove";
public const string EditManagers = "teams.edit.managers";
public const string Delete = "teams.delete";
}
}
最后,这只是定义了在整个应用程序中使用的通用值,以标识各种权限。您也可以只传递一些字符串,但是由于不需要记住魔术字符串,因此集中定义它们可以使使用更加容易。