码迷,mamicode.com
首页 > 其他好文 > 详细

39-Role以及Claims授权

时间:2018-07-25 01:03:18      阅读:461      评论:0      收藏:0      [点我收藏+]

标签:odi   user   handler   col   role   model   null   nbsp   clear   

asp.net core多鼓励使用claims授权

1-使用role授权

在类或方法上贴上Roles,这样就知道有user的角色才可以访问

 [Authorize(Roles="user")]
    public class ValuesController : ControllerBase

 

在登陆时给用户分配对应的角色  new Claim(ClaimTypes.Role,"admin")

 public IActionResult Token(LoginViewModel loginViewModel){
           if(ModelState.IsValid) {
              if(loginViewModel.User!="qinzb" && loginViewModel.Password!="123"){
                  return BadRequest();
              }

              var claims = new Claim[]{
                    new Claim(ClaimTypes.Name,"qinzb"),
                    new Claim(ClaimTypes.Role,"admin")
               };
              
              var key = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey
              (System.Text.Encoding.UTF8.GetBytes(_jwtSettings.SecretKey));

              var creds = new Microsoft.IdentityModel.Tokens.SigningCredentials
              (key, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256);

              var token = new System.IdentityModel.Tokens.Jwt.JwtSecurityToken(
                  _jwtSettings.Issure,
                _jwtSettings.Audience,
                claims,
                null,
                DateTime.Now.AddMinutes(30),
                creds
              );
              return Ok(new {token = new JwtSecurityTokenHandler().WriteToken(token)});
           }
           return BadRequest();
       }

 

如果没有访问方法的对应角色,则返回如下提示

技术分享图片

 

基于claims授权,只需要多加

services.AddAuthorization(options=>{
                options.AddPolicy("SuperAdminOnly",policy=>policy.RequireClaim("SuperAdminOnly"));
            });

 完整代码

  public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1);

            services.Configure<JwtSettings>(Configuration.GetSection("JwtSettings"));
            var jwtSetting =  new JwtSettings();
            Configuration.Bind("JwtSettings",jwtSetting);

            services.AddAuthentication(options=>{
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            })
            .AddJwtBearer(jwtOption=>{
                jwtOption.TokenValidationParameters=new Microsoft.IdentityModel.Tokens.TokenValidationParameters{
                    ValidIssuer = jwtSetting.Issure,
                    ValidAudience = jwtSetting.Audience,
                    IssuerSigningKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(
                        System.Text.Encoding.UTF8.GetBytes(jwtSetting.SecretKey)
                    )
                };
                // jwtOption.SecurityTokenValidators.Clear();
                // jwtOption.SecurityTokenValidators.Add(new MyTokenValidator());
                // jwtOption.Events = new JwtBearerEvents(){
                //     OnMessageReceived = Context=>{
                //         var token = Context.Request.Headers["token"];
                //         Context.Token = token;
                //         return Task.CompletedTask;
                //     }
                // };

            });

            services.AddAuthorization(options=>{
                options.AddPolicy("SuperAdminOnly",policy=>policy.RequireClaim("SuperAdminOnly"));
            });
        }

2-在需要的类上启用claims, Policy表示只用SuperAdminOnly的才能访问

   [Authorize(Policy="SuperAdminOnly")]
    public class ValuesController : ControllerBase

 

3-在登陆时给对应的类增加policy,这样可以访问带有[Authorize(Policy="SuperAdminOnly")

   var claims = new Claim[]{
                    new Claim(ClaimTypes.Name,"qinzb"),
                    new Claim(ClaimTypes.Role,"admin"), //基于角色
                    new Claim("SuperAdminOnly","true") //基于policy
               };

 

39-Role以及Claims授权

标签:odi   user   handler   col   role   model   null   nbsp   clear   

原文地址:https://www.cnblogs.com/qinzb/p/9363363.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!