我猜你現在應該已經解決了，但在我學習 MVC 和 .NET Core 時所建立的 Intranet 中，我使用了以 Person 資料表中的值為依據的宣告式（claims-based）授權。
我是這樣處理的；這個做法肯定還有改進空間，但希望對你有幫助。
Startup.cs
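public void ConfigureServices(IServiceCollection services)
{
    // Global fallback: every MVC endpoint requires an authenticated user unless it opts out with [AllowAnonymous].
    services.AddMvc(config =>
    {
        var policy = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        config.Filters.Add(new AuthorizeFilter(policy));
    }); // the original was missing this semicolon

    // "Administrator" only checks that a claim with that type exists; ClaimsTransformer adds it from Person.Administrator.
    services.AddAuthorization(options =>
    {
        options.AddPolicy("Administrator", policy => policy.RequireClaim("Administrator"));
    });

    services.Configure<IISOptions>(options =>
    {
        options.ForwardWindowsAuthentication = true;
    });

    // PLACEHOLDER: the original reads "var connection = etc etc;" here. Read the connection string from
    // configuration (user secrets / environment in production) rather than embedding it in source.
    var connection = this.Configuration.GetConnectionString("<connection-name>");
    services.AddDbContext<IntranetContext>(options => options.UseSqlServer(connection));

    // Scoped so the transformer shares the request-scoped DbContext registered above.
    services.AddScoped<IClaimsTransformer, ClaimsTransformer>();
}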
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    // Logging sinks: console (configured from the "Logging" section) plus debugger output.
    loggerFactory.AddConsole(this.Configuration.GetSection("Logging"));
    loggerFactory.AddDebug();

    // Detailed exception pages only in development; everything else gets the generic error route.
    if (!env.IsDevelopment())
    {
        app.UseExceptionHandler("/Home/Error");
    }
    else
    {
        app.UseDeveloperExceptionPage();
        app.UseBrowserLink();
    }

    app.UseSession();
    app.UseDefaultFiles();
    app.UseStaticFiles();

    // A request that UseStaticFiles serves ends there, so static content never triggers the Person lookup below.
    // The transformer is resolved per request so it uses the request-scoped DbContext.
    app.UseClaimsTransformation(async ctx =>
    {
        var transformer = ctx.Context.RequestServices.GetRequiredService<IClaimsTransformer>();
        return await transformer.TransformAsync(ctx);
    });

    app.UseStatusCodePages();
    app.UseMvc(routes => routes.MapRoute(name: "default", template: "{controller=Home}/{action=Index}/{id?}"));
}
ClaimsTransformer.cs
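public class ClaimsTransformer : IClaimsTransformer
{
    private readonly IntranetContext dbcontext;

    /// <summary>
    /// Initializes a new instance of the <see cref="ClaimsTransformer" /> class.
    /// </summary>
    /// <param name="context">The EF context used to look up (and, on first sight, create) the <c>Person</c> row for the caller.</param>
    public ClaimsTransformer(IntranetContext context)
    {
        this.dbcontext = context;
    }

    /// <summary>
    /// Enriches the authenticated <see cref="ClaimsPrincipal"/> with claims taken from the <c>Person</c> table.
    /// </summary>
    /// <remarks>
    /// Only principals carrying a <see cref="WindowsIdentity"/> are touched; any other principal is returned unchanged.
    /// A Windows account with no matching <c>Person</c> row is auto-provisioned from the account name, so every
    /// domain user that reaches the site gets a row (non-administrator by default). This runs on every request
    /// and issues at least one query each time; nothing here caches. Two concurrent first requests from the
    /// same new user can both reach the insert — a unique index on <c>Person.Username</c> (not visible here)
    /// is what would stop a duplicate row.
    /// </remarks>
    /// <param name="context">The transformation context whose <c>Principal</c> is read and mutated in place.</param>
    /// <returns>The same principal instance, with claims added when a person was found or created.</returns>
    public async Task<ClaimsPrincipal> TransformAsync(ClaimsTransformationContext context)
    {
        // Mirrors the original exact-type test (subclasses of WindowsIdentity are ignored); the last match wins.
        var windowsIdentity = context.Principal.Identities
            .LastOrDefault(i => i.GetType() == typeof(WindowsIdentity)) as WindowsIdentity;
        if (windowsIdentity == null)
        {
            return context.Principal;
        }

        var username = StripDomain(windowsIdentity.Name);
        var appUser = this.dbcontext.Person.FirstOrDefault(m => m.Username == username);
        if (appUser == null)
        {
            appUser = await this.ProvisionPersonAsync(username);
        }

        // Claims go onto the primary identity, as in the original, which is not necessarily windowsIdentity.
        var identity = (ClaimsIdentity)context.Principal.Identity;
        AddPersonClaims(identity, appUser);

        return context.Principal;
    }

    /// <summary>
    /// Returns the account part of a <c>DOMAIN\user</c> name. The original removed a fixed six characters,
    /// which presumably assumed a five-letter domain plus the backslash; taking the text after the last
    /// backslash gives the same result in that case and a correct one for any other domain length, and
    /// no longer throws on a name shorter than six characters.
    /// </summary>
    /// <param name="accountName">The Windows identity name, e.g. <c>DOMAIN\first.last</c>.</param>
    /// <returns>The part after the last backslash, or the whole name when there is none.</returns>
    private static string StripDomain(string accountName)
    {
        var separator = accountName.LastIndexOf('\\');
        return separator < 0 ? accountName : accountName.Substring(separator + 1);
    }

    /// <summary>
    /// Adds the Id/Fullname/Firstname/Surname claims for <paramref name="appUser"/>, plus the Administrator
    /// claim when the row is flagged. Both branches of the original added the same four claims; a freshly
    /// provisioned person has <c>Administrator</c> at its default (false), so the result is unchanged.
    /// </summary>
    private static void AddPersonClaims(ClaimsIdentity identity, Person appUser)
    {
        identity.AddClaim(new Claim("Id", Convert.ToString(appUser.Id), ClaimValueTypes.Integer));
        identity.AddClaim(new Claim("Fullname", appUser.Firstname + ' ' + appUser.Surname, ClaimValueTypes.String));
        identity.AddClaim(new Claim("Firstname", appUser.Firstname, ClaimValueTypes.String));
        identity.AddClaim(new Claim("Surname", appUser.Surname, ClaimValueTypes.String));
        if (appUser.Administrator)
        {
            // The "Administrator" policy in Startup uses RequireClaim, which checks presence only; the value is informational.
            identity.AddClaim(new Claim("Administrator", "1", ClaimValueTypes.Boolean));
        }
    }

    /// <summary>
    /// Inserts a <c>Person</c> for a Windows account seen for the first time, deriving the names from a
    /// <c>first.last</c> account convention. The hard-coded <c>LocationId</c>/<c>CreatedBy</c> of 1 and the
    /// e-mail suffix are kept from the original. An account name without a dot now yields an empty surname
    /// instead of an <see cref="IndexOutOfRangeException"/>.
    /// </summary>
    /// <param name="username">The account name with the domain already stripped.</param>
    /// <returns>The saved entity; its <c>Id</c> is populated by <c>SaveChangesAsync</c> for a store-generated key.</returns>
    private async Task<Person> ProvisionPersonAsync(string username)
    {
        var parts = username.Split('.');
        var newPerson = new Person
        {
            Username = username,
            Firstname = parts[0].ToTitleCase(),
            Surname = parts.Length > 1 ? parts[1].ToTitleCase() : string.Empty,
            LocationId = 1,
            CreatedBy = 1,
            // Kept as local time so new rows match existing ones; UtcNow would be preferable on a fresh schema.
            CreatedDate = DateTime.Now,
            Email = username + "@mycompany.com",
        };
        this.dbcontext.Add(newPerson);
        await this.dbcontext.SaveChangesAsync();
        // The original re-queried the row here; EF populates a store-generated key on save, so the entity is
        // used directly. If Person has other store-generated columns the claims need, reinstate the re-query.
        return newPerson;
    }
}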
之後在任何控制器上我都可以套用 `[Authorize(Policy = "Administrator")]`。
希望這對你有用。
謝謝。
能再補充一些資訊嗎？我要如何從資料庫檢查授權過濾器，或是從資料庫 –
角色？你要如何整理／管理你的使用者／角色模型由你決定……但我已經加了一段編輯來展示這個 –
粗略的例子。你能給一個一步一步的範例嗎？我是新手 –