zoukankan      html  css  js  c++  java
  • ASP.NET Core 下自定义权限验证

    效果图:

    如果没有权限时,显示:

    代码:

        public class AuthorizeAdminAttribute : TypeFilterAttribute
        {
            #region 字段
    
            private readonly bool _ignoreFilter;
    
            #endregion
    
            #region 构造函数
    
            /// <summary>
            /// 构造函数
            /// </summary>
            /// <param name="ignore">是否忽略过滤。默认为false</param>
            public AuthorizeAdminAttribute(bool ignore = false) : base(typeof(AuthorizeAdminFilter))
            {
                this._ignoreFilter = ignore;
                this.Arguments = new object[] { ignore };
            }
    
            #endregion
    
            #region 属性
    
            /// <summary>
            /// 获取是否忽略过滤?
            /// </summary>
            public bool IgnoreFilter => _ignoreFilter;
    
            #endregion
    
    
            #region 内部过滤器
    
            /// <summary>
            /// 管理员授权过滤器
            /// </summary>
            private class AuthorizeAdminFilter : IAuthorizationFilter
            {
                #region 字段
    
                private readonly bool _ignoreFilter;
                //private readonly IPermissionService _permissionService; 
                //假设这个 IPermissionService 是我们业务上需要访问数据库获取用户是否有权限访问的类。
    
                #endregion
    
                #region 构造函数
    
                public AuthorizeAdminFilter(bool ignoreFilter /*, IPermissionService permissionService*/ )
                {
                    this._ignoreFilter = ignoreFilter;
                    //this._permissionService = permissionService;
                }
    
                #endregion
    
                #region 方法
    
                public void OnAuthorization(AuthorizationFilterContext filterContext)
                {
                    if (filterContext == null)
                        throw new ArgumentNullException(nameof(filterContext));
    
                    //检查是否已经被 Action 方法重写了
                    var actionFilter = filterContext.ActionDescriptor.FilterDescriptors
                        .Where(filterDescriptor => filterDescriptor.Scope == FilterScope.Action)
                        .Select(filterDescriptor => filterDescriptor.Filter).OfType<AuthorizeAdminAttribute>().FirstOrDefault();
    
    
                    if (actionFilter?.IgnoreFilter ?? _ignoreFilter)
                        return;
    
                    if (filterContext.Filters.Any(filter => filter is AuthorizeAdminFilter))
                    {
                        //下面是访问自定义的服务,获取当前登录用户是否有权限访问
                        //bool hasPermission =  _permissionService.Authorize(StandardPermissionProvider.AccessAdminPanel);
                        bool hasPermission = new Random().Next(1, 11) > 5 ? true : false;
                        if (!hasPermission)
                            filterContext.Result = new ChallengeResult();
                    }
                }
    
                #endregion
            }
    
            #endregion
        }

    使用方法:

    谢谢浏览!

  • 相关阅读:
    如何用Tensorflow训练模型成pb文件和和如何加载已经训练好的模型文件
    hbase rowkey 设计
    hbase集群region数量和大小的影响
    为什么不建议在hbase中使用过多的列簇
    hive explode 行拆列
    通过livy向CDH集群的spark提交任务
    case when多条件
    spark sql/hive小文件问题
    SQL join
    spark任务调度模式,动态资源分配
  • 原文地址:https://www.cnblogs.com/Music/p/authorize-admin-filter-in-asp-net-core.html
Copyright © 2011-2022 走看看