Question

我已将dotnet core 2.2升级到3.preview7。
所以之后，我无法获得自定义属性。
版本2.2中的context.Resource是AuthorizationFilterContext的类型，而在版本3中是Microsoft.AspNetCore.Http.Endpoint的类型。

现在我无法从端点获取属性。

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Threading.Tasks;

namespace Gamma.Core.Security
{
    public abstract class AttributeAuthorizationHandler<TRequirement,     TAttribute>
    : AuthorizationHandler<TRequirement> where TRequirement
    : IAuthorizationRequirement where TAttribute : Attribute
    {
        Microsoft.AspNetCore.Http.IHttpContextAccessor _httpContextAccessor = null;
        public AttributeAuthorizationHandler(Microsoft.AspNetCore.Http.IHttpContextAccessor httpContextAccessor)
        {
            _httpContextAccessor = httpContextAccessor;
        }
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement)
        {
            var attributes = new List<TAttribute>();

            var action = (context.Resource as AuthorizationFilterContext)?.ActionDescriptor as ControllerActionDescriptor;
            if (context.Resource is Microsoft.AspNetCore.Http.Endpoint endpoint)
            {
                //endpoint.
            }

            if (action != null)
            {
                attributes.AddRange(GetAttributes(action.MethodInfo));
            }

            return HandleRequirementAsync(context, requirement, attributes);
        }

        protected abstract Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement, IEnumerable<TAttribute> attributes);

        private static IEnumerable<TAttribute> GetAttributes(MemberInfo memberInfo)
        {
            return memberInfo.GetCustomAttributes(typeof(TAttribute), false).Cast<TAttribute>();
        }
    }
}

Answer 1

我能够使用Brian's answer中的AuthorizationHandlerContext从ControllerActionDescriptor获得.NET Core 3.1中的自定义属性。

private IEnumerable<TAttribute> GetAttributes<TAttribute>(AuthorizationHandlerContext authContext)
{
    if (authContext.Resource is RouteEndpoint routeEndpoint)
    {
        var actionDescriptor = routeEndpoint.Metadata.OfType<ControllerActionDescriptor>().SingleOrDefault();
        var attributes = actionDescriptor?.MethodInfo.GetCustomAttributes(typeof(TAttribute), false).Cast<TAttribute>();
        return attributes;
    }
    
    return null;
}

Answer 2

尚未找到答案，但这可能会有所帮助：

https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-3.0的“在处理程序中访问MVC请求上下文”部分，但这是错误的。

但是，在“反馈”下，他们的2个问题与最有前途的答案有关，即将下面的代码添加到AuthorizationHandler。

这可以访问controllerActionDescriptor，但是正如您所看到的，我已经查看了各种属性，但是没有一个给我当前的路由数据：

var controllerActionDescriptor = routeEndpoint.Metadata
    .OfType<ControllerActionDescriptor>()
    .SingleOrDefault();

if (controllerActionDescriptor != null)
{
    var a = controllerActionDescriptor.AttributeRouteInfo;
    var p = controllerActionDescriptor.Parameters;
    var ep = controllerActionDescriptor.EndpointMetadata;
    var r = controllerActionDescriptor.RouteValues;
}

Answer 3

我找到了一个解决方案，在ConfigureServices中将IHttpContextAccessor注册到IOC

services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();

然后在AttributeAuthorizationHandler中获取它

public class AccountLoginAuthorizeHandler : AttributeAuthorizationHandler<AccountLoginAuthorizationRequirement, AccountLoginAttribute>
{
    private readonly IHttpContextAccessor _httpContextAccessor;
    public PermissionAuthorizeHandler(IHttpContextAccessor httpContextAccessor, IZaabeeRedisClient redisClient,
    IOptions<LoginConfig> loginConfig)
    {
        _httpContextAccessor = httpContextAccessor ?? throw new ArgumentNullException(nameof(httpContextAccessor));
    }
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccountLoginAuthorizationRequirement requirement, IEnumerable<AccountLoginAttribute> attributes)
    {
        if (context.Resource is AuthorizationFilterContext filterContext)
        {
            var httpContext = _httpContextAccessor.HttpContext;
            //Do Something
        }
        else
            //Do Something

        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}

Answer 4

从 .net 5 开始，上下文是 HttpContext

有GetEndPoint method extension on HttpContext

protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement)
{
    if(context is HttpContext httContext){
        var endpoint = context.GetEndPoint();
    } else {
        throw ... // let's see how things will move with next version of .net 
    }
}

如何获取路由属性dotnet core 3？

4 个答案: