有时我们需要在调用一个方法前加判断,比如当前用户是否有权限来调用此方法。
常规做法在NET中是自己做一个Attribute来完成,不过在4.5中有System.Security.Permissions.PrincipalPermissionAttribute可以协助我们,用的是System.Security.Claims.Claim及System.Security.Claims.ClaimTypes。
1 using System; 2 using System.Collections.Generic; 3 using System.Security.Claims; 4 using System.Security.Permissions; 5 using System.Threading; 6 7 namespace ApiSecurityTest 8 { 9 class Program 10 { 11 static void Main(string[] args) 12 { 13 var claims = new List<Claim>() 14 { 15 new Claim(ClaimTypes.Name, "badri"), 16 new Claim(ClaimTypes.Email, "badri@nowhere.com"), 17 new Claim(ClaimTypes.Role, "StoreMandager"), 18 new Claim(ClaimTypes.Role, "BackOfficeClerk") 19 }; 20 21 var id = new ClaimsIdentity(claims, "Dummy"); // Non-empty string is needed as authentication type 22 var principal = new ClaimsPrincipal(new[] { id }); 23 Thread.CurrentPrincipal = principal; 24 25 MakeDiscount(); 26 27 Console.WriteLine(); 28 Console.ReadLine(); 29 } 30 31 [PrincipalPermission(SecurityAction.Demand, Role = "StoreManager")] // Declarative 32 private static void MakeDiscount() 33 { 34 try 35 { 36 Console.WriteLine(Thread.CurrentPrincipal.IsInRole("StoreManager")); 37 Console.WriteLine("Discount of 10% has been applied"); 38 } 39 catch 40 { 41 Console.WriteLine("no access"); 42 } 43 } 44 } 45 }
这样只有当StoreManager的人才能调用此方法,如果不是此类用户就会报SecurityException。
除上述特性外,还有KeyContainerPermissionAttribute,看程序是基于哪种做权限处理。