zoukankan      html  css  js  c++  java
  • ASP.NET Core 下自定义权限验证

    效果图:

    如果没有权限时,显示:

    代码:

        public class AuthorizeAdminAttribute : TypeFilterAttribute
        {
            #region 字段
    
            private readonly bool _ignoreFilter;
    
            #endregion
    
            #region 构造函数
    
            /// <summary>
            /// 构造函数
            /// </summary>
            /// <param name="ignore">是否忽略过滤。默认为false</param>
            public AuthorizeAdminAttribute(bool ignore = false) : base(typeof(AuthorizeAdminFilter))
            {
                this._ignoreFilter = ignore;
                this.Arguments = new object[] { ignore };
            }
    
            #endregion
    
            #region 属性
    
            /// <summary>
            /// 获取是否忽略过滤?
            /// </summary>
            public bool IgnoreFilter => _ignoreFilter;
    
            #endregion
    
    
            #region 内部过滤器
    
            /// <summary>
            /// 管理员授权过滤器
            /// </summary>
            private class AuthorizeAdminFilter : IAuthorizationFilter
            {
                #region 字段
    
                private readonly bool _ignoreFilter;
                //private readonly IPermissionService _permissionService; 
                //假设这个 IPermissionService 是我们业务上需要访问数据库获取用户是否有权限访问的类。
    
                #endregion
    
                #region 构造函数
    
                public AuthorizeAdminFilter(bool ignoreFilter /*, IPermissionService permissionService*/ )
                {
                    this._ignoreFilter = ignoreFilter;
                    //this._permissionService = permissionService;
                }
    
                #endregion
    
                #region 方法
    
                public void OnAuthorization(AuthorizationFilterContext filterContext)
                {
                    if (filterContext == null)
                        throw new ArgumentNullException(nameof(filterContext));
    
                    //检查是否已经被 Action 方法重写了
                    var actionFilter = filterContext.ActionDescriptor.FilterDescriptors
                        .Where(filterDescriptor => filterDescriptor.Scope == FilterScope.Action)
                        .Select(filterDescriptor => filterDescriptor.Filter).OfType<AuthorizeAdminAttribute>().FirstOrDefault();
    
    
                    if (actionFilter?.IgnoreFilter ?? _ignoreFilter)
                        return;
    
                    if (filterContext.Filters.Any(filter => filter is AuthorizeAdminFilter))
                    {
                        //下面是访问自定义的服务,获取当前登录用户是否有权限访问
                        //bool hasPermission =  _permissionService.Authorize(StandardPermissionProvider.AccessAdminPanel);
                        bool hasPermission = new Random().Next(1, 11) > 5 ? true : false;
                        if (!hasPermission)
                            filterContext.Result = new ChallengeResult();
                    }
                }
    
                #endregion
            }
    
            #endregion
        }

    使用方法:

    谢谢浏览!

  • 相关阅读:
    B. Xor of 3 题解(思维+构造)
    小 L 与 GCD 题解(数学 hard)
    F. Clear The Matrix 题解(状压dp)
    小顶堆与大顶堆的自定义cmp函数
    字符指针、字符数组
    python中创建dict对象
    中缀表达式转后缀表达式
    vue中keep-alive,include的缓存问题
    vue 冒号 :、@、# 是什么意思? v-bind v-on v-slot v-是指令
    vue 自定义指令 v-
  • 原文地址:https://www.cnblogs.com/Music/p/authorize-admin-filter-in-asp-net-core.html
Copyright © 2011-2022 走看看