我想在解决方案上实现动态权限,但是我遇到了问题。我向用户授予权限,他登录了。好的,它允许某些内容。但是,作为管理员,我决定撤回他的权限。只要该用户未注销,由于声明未更新,他们将保留这些权限。如何在无需用户重新登录的情况下授予和获取权限?
// Policy
[Authorize(Policy = "Games")]
public class DashboardController : Controller
{
public IActionResult Index()
{
return View();
}
}
// Handler
public class GamesPermissionHandler : AuthorizationHandler<GamesRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, GamesRequirement requirement)
{
if (context.User.HasClaim(c => c.Type == "Games"))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
// Startup
services.AddAuthorization(
options =>
{
options.AddPolicy("Games", policy => policy.Requirements.Add(new GamesRequirement()));
}
);