码迷,mamicode.com
首页 > 其他好文 > 详细

UseAuthorization 及相关源代码

时间:2020-03-01 10:35:21      阅读:352      评论:0      收藏:0      [点我收藏+]

标签:reg   semi   static   ali   调用   resources   delegate   log   source   

app.UseAuthorization 是Aspnet Core 3.X 的启动 Startup 的配置授权中间件。

官方定义:https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.builder.authorizationappbuilderextensions.useauthorization?view=aspnetcore-3.1

                  https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authorization.authorizationmiddleware?view=aspnetcore-3.1

 Github 库源代码如下:

public static class AuthorizationAppBuilderExtensions
{
     public static IApplicationBuilder UseAuthorization(this IApplicationBuilder app)
    {
        if (app == null)
        {
          throw new ArgumentNullException(nameof(app));
        }

        VerifyServicesRegistered(app);

        return app.UseMiddleware<AuthorizationMiddleware>();
    }

    private static void VerifyServicesRegistered(IApplicationBuilder app)
    {
            // 在调用 UseAuthorization 之前校验 AddAuthorizationPolicy 
            // 用 AuthorizationPolicyMarkerService 以保证所有 services  被 added.
    if (app.ApplicationServices.GetService(typeof(AuthorizationPolicyMarkerService)) == null)
    {
          throw new InvalidOperationException(Resources.FormatException_UnableToFindServices(
                    nameof(IServiceCollection),
                    nameof(PolicyServiceCollectionExtensions.AddAuthorization),
                    "ConfigureServices(...)"));
    }
}

------------------   AuthorizationMiddleware  的源代码:

https://github.com/dotnet/aspnetcore/blob/b56f84131af2e1ece61241a016e191f5f2fe3fc0/src/Security/Authorization/Policy/src/AuthorizationMiddleware.cs

 

public class AuthorizationMiddleware
{
     // Property key is used by Endpoint routing to determine if Authorization has run
     private const string AuthorizationMiddlewareInvokedWithEndpointKey = "__AuthorizationMiddlewareWithEndpointInvoked";
     private static readonly object AuthorizationMiddlewareWithEndpointInvokedValue = new object();

     private readonly RequestDelegate _next;
     private readonly IAuthorizationPolicyProvider _policyProvider;

     public AuthorizationMiddleware(RequestDelegate next, IAuthorizationPolicyProvider policyProvider)
     {
         _next = next ?? throw new ArgumentNullException(nameof(next));
         _policyProvider = policyProvider ?? throw new ArgumentNullException(nameof(policyProvider));
     }

     public async Task Invoke(HttpContext context)
    {
        if (context == null)
        {
             throw new ArgumentNullException(nameof(context));
         }

        var endpoint = context.GetEndpoint();

        if (endpoint != null)
         {
              // EndpointRoutingMiddleware uses this flag to check if the Authorization middleware processed auth metadata on the endpoint.
             // The Authorization middleware can only make this claim if it observes an actual endpoint.
             context.Items[AuthorizationMiddlewareInvokedWithEndpointKey] = AuthorizationMiddlewareWithEndpointInvokedValue;
         }

          // IMPORTANT: Changes to authorization logic should be mirrored in MVC‘s AuthorizeFilter
          var authorizeData = endpoint?.Metadata.GetOrderedMetadata<IAuthorizeData>() ?? Array.Empty<IAuthorizeData>();
          var policy = await AuthorizationPolicy.CombineAsync(_policyProvider, authorizeData);
          if (policy == null)
          {
              await _next(context);
              return;
          }

           // Policy evaluator has transient lifetime so it fetched from request services instead of injecting in constructor
           var policyEvaluator = context.RequestServices.GetRequiredService<IPolicyEvaluator>();

           var authenticateResult = await policyEvaluator.AuthenticateAsync(policy, context);

           // Allow Anonymous skips all authorization
           if (endpoint?.Metadata.GetMetadata<IAllowAnonymous>() != null)
           {
                 await _next(context);
                 return;
            }

            // Note that the resource will be null if there is no matched endpoint
            var authorizeResult = await policyEvaluator.AuthorizeAsync(policy, authenticateResult, context, resource: endpoint);

            if (authorizeResult.Challenged)
            {
                    if (policy.AuthenticationSchemes.Count > 0)
                    {
                         foreach (var scheme in policy.AuthenticationSchemes)
                        {
                             await context.ChallengeAsync(scheme);
                        }
                    }
                   else
                   {
                         await context.ChallengeAsync();
                   }

                    return;
           }
           else if (authorizeResult.Forbidden)
           {
                if (policy.AuthenticationSchemes.Count > 0)
                {
                      foreach (var scheme in policy.AuthenticationSchemes)
                      {
                            await context.ForbidAsync(scheme);
                      }
                }
                else
                {
                      await context.ForbidAsync();
                }

                return;
           }   

           await _next(context);
      } 
}

 

UseAuthorization 及相关源代码

标签:reg   semi   static   ali   调用   resources   delegate   log   source   

原文地址:https://www.cnblogs.com/hopesun/p/12388324.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!