我一直在搜索和搜索,但无法得到直接的答案。 (我找到的大部分答案都已经过时了。)
看起来我可以使用页面类上的Authorize 属性来限制对剃须刀页面的访问。
[Authorize(Roles = "Admin")]
但是,使用当前版本的 Razor Pages,如何限制整个文件夹或 区域?
【问题讨论】:
AuthorizeFolder 和AuthorizeAreaPage
标签: c# asp.net-core razor-pages .net-5
按策略名称授权文件夹
services.AddRazorPages()
.AddRazorPagesOptions(ops =>
{
ops.Conventions.AuthorizeFolder("MyFolder", "RequireAdmins");
});
添加基于角色的策略
services.Authorization(ops =>
{
ops.AddPolicy("RequireAdmins", policy => policy.RequireRole("Admins"));
});
【讨论】:
AddRazorPages()。对于 .NET 5,IServiceCollection 没有 Authorization() 方法。啊!
令人沮丧的是,这些东西似乎会随着每个版本的发布而改变。这使您很难知道您是否正在查看正确的文档。
但这似乎是最新版本所需的方法,它适用于我。
ConfigureServices()
services.AddAuthorization(options =>
{
// Create policies
options.AddPolicy("Staff", p => p.RequireRole(Role.Staff));
options.AddPolicy("Admin", p => p.RequireRole(Role.Admin));
});
// Set authorizations
services.AddRazorPages(options =>
{
// Requires staff role for all pages (not including areas)
options.Conventions.AuthorizeFolder("/", "Staff");
// Set authorization for areas (looks like no way to do all areas at once)
options.Conventions.AuthorizeAreaFolder("Admin", "/", "Admin");
options.Conventions.AuthorizeAreaFolder("Leasing", "/", "Staff");
options.Conventions.AuthorizeAreaFolder("Repair", "/", "Staff");
options.Conventions.AuthorizeAreaFolder("Storage", "/", "Staff");
options.Conventions.AuthorizeAreaFolder("Transloading", "/", "Staff");
// Anonymous pages
options.Conventions.AllowAnonymousToPage("/Index");
options.Conventions.AllowAnonymousToPage("/Error");
});
【讨论】: