问题:是否有针对 ASP.NET Web API 的过滤器可以过滤请求以仅允许来自其他 azure 服务的调用?
存在这样的授权过滤器,它可以读取策略,但如果说该服务必须调用另一个 azure 服务以获取一些附加信息,我希望能够将该受保护端点专门用于另一个与之交互的 Azure 服务。最好的方法是什么?
[HttpGet("HQClient/{clientID}")]
[Authorize(Policy = "read:clients")]
public async Task<ActionResult<HQClient>> GetHQClientByID(Guid clientID)
{
// Implementation
}
【问题讨论】:
标签: c# asp.net azure authorization
编写一个中间件,检查请求是否来自 azure 服务,并从启动类(asp.net 核心)或 MVCApplication 类方法(asp.net MVC)中的“配置”方法调用它
public void Configure(IApplicationBuilder app)
{
app.Use(async (context, next) =>
{
//write the code that check for azure services then..
//this calls the next delegate/middleware in the pipeline
await next();
});
}
您还可以编写自定义过滤器并在那里执行逻辑
//sample filter
class AuthorizeOnlyAzureServices : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
//check for azure services
}
}
//sample filter usage
public class HomeController : Controller
{
[AuthorizeOnlyAzureServices]
public ActionResult Index()
{
return View();
}
}
你也可以类似地使用属性
//sample attribute
public class AuthorizeOnlyAzureServicesAttribute : System.Attribute
{
public AuthorizeOnlyAzureServicesAttribute(HttpRequest request)
{
//check that the request is from azure service
}
}
//sample usage
[AuthorizeOnlyAzureServices(System.Web.HttpContext.Current.Request)]
public ActionResult Index()
{
//code goes here
return View();
}
【讨论】: