The `AuthorizationPolicy` class has three static functions:

```csharp
static AuthorizationPolicy Combine(params AuthorizationPolicy[] policies)
static AuthorizationPolicy Combine(IEnumerable<AuthorizationPolicy> policies)
static async Task<AuthorizationPolicy> CombineAsync(IAuthorizationPolicyProvider policyProvider, IEnumerable<IAuthorizeData> authorizeData)
```
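- Analyzing the third function: its `authorizeData` parameter is of type `IEnumerable<IAuthorizeData>`, and the only direct implementation of `IAuthorizeData` is `AuthorizeAttribute`. Put simply, this function is the helper that parses `AuthorizeAttribute`: it uses `AuthorizationPolicyBuilder` to parse the `Policy`, `Roles` and `AuthenticationSchemes` of each `IAuthorizeData`, then relies on `Build()` to create the `AuthorizationPolicy`.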
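Now follow the branch that parses `Roles`. The `Roles` of `IAuthorizeData authorizeDatum` is split on commas:

```csharp
string[] array = authorizeDatum.Roles?.Split(new char[1] { ',' });
```

Then the `AuthorizationPolicyBuilder RequireRole(IEnumerable<string> roles)` function of the `AuthorizationPolicyBuilder` class is called:

```csharp
if (array != null && array.Any())
{
    // Blank entries are dropped and each role name is trimmed before it is required.
    policyBuilder.RequireRole(from r in array where !string.IsNullOrWhiteSpace(r) select r.Trim());
    flag = false;
}
```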
Evidently, the restriction on `Role` relies on the `RolesAuthorizationRequirement` class:

```csharp
public AuthorizationPolicyBuilder RequireRole(IEnumerable<string> roles)
{
    if (roles == null)
    {
        throw new ArgumentNullException("roles");
    }
    // All roles passed in one call end up in a single requirement.
    Requirements.Add(new RolesAuthorizationRequirement(roles));
    return this;
}
```
So how is the `Role` verified? By using `ClaimsPrincipal.IsInRole()`:

```csharp
public class RolesAuthorizationRequirement : AuthorizationHandler<RolesAuthorizationRequirement>, IAuthorizationRequirement
{
    public IEnumerable<string> AllowedRoles { get; }

    public RolesAuthorizationRequirement(IEnumerable<string> allowedRoles)
    {
        if (allowedRoles == null)
        {
            throw new ArgumentNullException("allowedRoles");
        }
        if (allowedRoles.Count() == 0)
        {
            throw new InvalidOperationException(Resources.Exception_RoleRequirementEmpty);
        }
        AllowedRoles = allowedRoles;
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, RolesAuthorizationRequirement requirement)
    {
        if (context.User != null)
        {
            bool flag = false;
            if (requirement.AllowedRoles != null && requirement.AllowedRoles.Any())
            {
                // The requirement is met if the user is in ANY one of the allowed roles.
                flag = requirement.AllowedRoles.Any((string r) => context.User.IsInRole(r));
            }
            if (flag)
            {
                context.Succeed(requirement);
            }
        }
        return Task.CompletedTask;
    }
}
```
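The following console program is an added example, not code from the original post or from ASP.NET Core itself. It shows what the code above means for access control: comma-separated roles in one attribute are OR'ed, several attributes are AND'ed, and `IsInRole()` only sees claims of the identity's `RoleClaimType`. It assumes a project that references the `Microsoft.AspNetCore.Authorization` package; the helper names `User` and `Evaluate` and the sample users are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Options;

var provider = new DefaultAuthorizationPolicyProvider(Options.Create(new AuthorizationOptions()));

// One attribute with comma-separated roles: a single requirement, "Admin OR Auditor".
var anyOf = await AuthorizationPolicy.CombineAsync(provider,
    new IAuthorizeData[] { new AuthorizeAttribute { Roles = "Admin, Auditor" } });

// Two attributes: two requirements that must both succeed, "Admin AND Auditor".
var allOf = await AuthorizationPolicy.CombineAsync(provider,
    new IAuthorizeData[] { new AuthorizeAttribute { Roles = "Admin" },
                           new AuthorizeAttribute { Roles = "Auditor" } });

// Constructed sample users.
var auditor = User(ClaimTypes.Role, "Auditor");
var both = User(ClaimTypes.Role, "Admin", "Auditor");
// Roles carried in a claim type other than the identity's RoleClaimType are not seen by IsInRole().
var wrongType = User("role", "Admin", "Auditor");

Console.WriteLine($"requirements: anyOf={anyOf!.Requirements.Count} allOf={allOf!.Requirements.Count}");
foreach (var (name, user) in new[] { ("auditor", auditor), ("both", both), ("wrongType", wrongType) })
{
    Console.WriteLine($"{name,-10} anyOf={await Evaluate(anyOf, user)} allOf={await Evaluate(allOf, user)}");
}

// Builds an authenticated principal whose identity uses the default RoleClaimType (ClaimTypes.Role).
static ClaimsPrincipal User(string claimType, params string[] roles) =>
    new ClaimsPrincipal(new ClaimsIdentity(roles.Select(r => new Claim(claimType, r)), "demo"));

// Runs each requirement that is its own handler (as RolesAuthorizationRequirement is)
// and reports whether every requirement of the policy was satisfied.
static async Task<bool> Evaluate(AuthorizationPolicy policy, ClaimsPrincipal user)
{
    var context = new AuthorizationHandlerContext(policy.Requirements, user, resource: null);
    foreach (var handler in policy.Requirements.OfType<IAuthorizationHandler>())
    {
        await handler.HandleAsync(context);
    }
    return context.HasSucceeded;
}
```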
How Role validation works