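Almost all of my API endpoints are used only by internal users; this is the default scenario, and they need this access. When I create a new endpoint, they will need access to it.
I also have some special external users who can log in, but who use only some of the endpoints, say 10%.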
Instead of creating a requirement/policy that allows access for all users except the external ones (by decorating every API route with the policy [Authorize(Policy = "InternalOnly")]), can I create a policy (or something like [AllowAnonymous]) that I put only on the API endpoints external users are allowed to access, for example:
[Route("GetForExternal")]
[HttpPost]
[ExternalAllowed]
public async Task<ActionResult<String>> GetForExternal(Request request)
In the old .NET Identity I could use AuthorizeAttribute to achieve this, but in .NET Core requirements/policies seem to be the way to go.
I use FallbackPolicy to make sure that all endpoints are protected by authenticated users.
Answer 0 (score: 0)
I solved this by adding a fallback policy:
services.AddAuthorization(options =>
{
    // Opt-in policy for the endpoints that external users may call.
    options.AddPolicy(Policies.AllowExternal, policy => policy.RequireAuthenticatedUser().Requirements.Add(new AllowExternalRequirement()));
    // Applied to every endpoint that carries no authorization attribute.
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser()
        .RequireRole("InternalEmployee")
        .Build();
});
and decorating the externally allowed API endpoints with that policy:
[Authorize(Policy = Policies.AllowExternal)]
Then add a simple override policy:
// Marker requirement with no data; the handler below always satisfies it.
public class AllowExternalRequirement : IAuthorizationRequirement
{
}

// Must be registered in DI as an IAuthorizationHandler to take effect.
public class AllowExternalHandler : AuthorizationHandler<AllowExternalRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AllowExternalRequirement requirement)
    {
        context.Succeed(requirement);
        return Task.CompletedTask;
    }
}
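
With the fallback-policy setup in the answer above, any endpoint that carries [AllowAnonymous] or any [Authorize] attribute is no longer governed by the internal-only fallback, and a bare [Authorize] falls back to the default policy (any authenticated user). The following audit is an added example, not code from the original question or answer; the endpoint names, the policy name string "AllowExternal" and the allowlist are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

public static class FallbackCoverageAudit
{
    // Maps endpoint display name -> reason, for every endpoint the fallback policy does NOT govern.
    public static SortedDictionary<string, string> BypassingFallback(EndpointDataSource source)
    {
        var result = new SortedDictionary<string, string>(StringComparer.Ordinal);
        foreach (var endpoint in source.Endpoints)
        {
            var name = endpoint.DisplayName ?? "(unnamed endpoint)";
            var authorizeData = endpoint.Metadata.GetOrderedMetadata<IAuthorizeData>();
            if (endpoint.Metadata.GetMetadata<IAllowAnonymous>() != null)
                result[name] = "[AllowAnonymous]: authorization skipped";
            else if (authorizeData.Count > 0) // any [Authorize] metadata replaces the fallback policy
                result[name] = string.Join(" + ", authorizeData.Select(Describe));
        }
        return result;
    }

    private static string Describe(IAuthorizeData d)
    {
        var parts = new List<string>();
        if (!string.IsNullOrEmpty(d.Policy)) parts.Add($"policy '{d.Policy}'");
        if (!string.IsNullOrEmpty(d.Roles)) parts.Add($"roles '{d.Roles}'");
        return parts.Count > 0 ? string.Join(", ", parts) : "bare [Authorize] (default policy)";
    }

    public static void Main()
    {
        // Constructed sample endpoints (hypothetical names); a real test would use the app's EndpointDataSource.
        Endpoint Make(string name, params object[] metadata) =>
            new Endpoint(_ => Task.CompletedTask, new EndpointMetadataCollection(metadata), name);
        var source = new DefaultEndpointDataSource(
            Make("Reports.GetInternal"),                                             // fallback applies
            Make("Reports.GetForExternal", new AuthorizeAttribute("AllowExternal")), // intended opt-in
            Make("Reports.Export", new AuthorizeAttribute()));                       // weaker than the fallback
        var allowlist = new HashSet<string> { "Reports.GetForExternal" };            // reviewed external surface

        foreach (var (name, reason) in BypassingFallback(source))
            Console.WriteLine($"{(allowlist.Contains(name) ? "ok  " : "FAIL")} {name}: {reason}");
    }
}
```

Run as an integration test, this fails the build when a new endpoint leaves the internal-only default without being added to the reviewed allowlist.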