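[Posted]: 2021-12-31 08:43:15
[Question]:
I am new to Blazor Server. I have implemented ASP.NET Core Identity role-based authorization. But I don't want to hard-code roles on the Authorize attribute. I want to create roles later and specify which controllers and actions they can access, without touching the source code.
As shown in the image above, how do I create dynamic role-based authorization in Blazor Server?
[Comments]:
Tags: asp.net-core blazor blazor-server-side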
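You need to implement and authorize via policies.
You can create a permission that can be assigned to any Role. Use it in conjunction with a Policy that checks for the permission.
This allows you to create roles at runtime and assign permissions to those new roles. When a user is assigned a role, the policy will see the permissions attached to that role.
Your screen would be a grouping of 6 permissions assigned to each role. This requires 6 policies.
I would consider using a class like the following: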
Permission.cs

    using System.Collections.Generic;

    public sealed class Permission
    {
        // Every permission the application defines.
        public static readonly IReadOnlyList<Permission> Permissions = new List<Permission>
            { RolesView, RolesCreate, RolesUpdate, RolesDelete, UserRoleView, UserRoleUpdate };

        // Lets a Permission be cast to its key, which is used as the claim type.
        public static explicit operator string(Permission p) => p.Key;

        public static Permission RolesView => new Permission
        {
            Key = "Permission.Roles.View",
            Display = "Role List",
            GroupName = "Role Management"
        };
        public static Permission RolesCreate => new Permission
        {
            Key = "Permission.Roles.Create",
            Display = "Create Role",
            GroupName = "Role Management"
        };
        public static Permission RolesUpdate => new Permission
        {
            Key = "Permission.Roles.Update",
            Display = "Edit Role",
            GroupName = "Role Management"
        };
        public static Permission RolesDelete => new Permission
        {
            Key = "Permission.Roles.Delete",
            Display = "Delete",
            GroupName = "Role Management"
        };
        public static Permission UserRoleView => new Permission
        {
            Key = "Permission.UserRole.View",
            Display = "User List",
            GroupName = "User Role Management"
        };
        public static Permission UserRoleUpdate => new Permission
        {
            Key = "Permission.UserRole.Update",
            Display = "Edit User Roles",
            GroupName = "User Role Management"
        };

        public string Key { get; private set; }
        public string Display { get; private set; }
        public string GroupName { get; private set; }
    }

    services.AddAuthorization(options =>
    {
        // ...
        // The conversion to string is explicit, so the cast is required here.
        options.AddPolicy(name: "UserRoleView", policy =>
            policy.RequireClaim((string)Permission.UserRoleView));
        // ...
    });

    [Authorize(Policy = "UserRoleView")]

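Use the RoleManager's methods AddClaimAsync and RemoveClaimAsync to use the Permission as claims, utilizing the explicit string cast.
[Discussion]:
As a complement to Brian's answer, you can use a PolicyBuilder factory to build your policies. Here is a simple example from one of my applications: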

    using System.Collections.Generic;
    using Microsoft.AspNetCore.Authorization;

    public static class AppPolicies
    {
        // Policy names, for use in [Authorize(Policy = ...)].
        public const string IsAdmin = "IsAdmin";
        public const string IsUser = "IsUser";
        public const string IsVisitor = "IsVisitor";

        public static AuthorizationPolicy IsAdminPolicy
            => new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireRole("Admin")
                .Build();

        public static AuthorizationPolicy IsUserPolicy
            => new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireRole("Admin", "User")
                .Build();

        public static AuthorizationPolicy IsVisitorPolicy
            => new AuthorizationPolicyBuilder()
                .RequireAuthenticatedUser()
                .RequireRole("Admin", "User", "Visitor")
                .Build();

        // Maps each policy name to its policy so they can be registered in a loop.
        public static Dictionary<string, AuthorizationPolicy> Policies
        {
            get
            {
                var policies = new Dictionary<string, AuthorizationPolicy>();
                policies.Add(IsAdmin, IsAdminPolicy);
                policies.Add(IsUser, IsUserPolicy);
                policies.Add(IsVisitor, IsVisitorPolicy);
                return policies;
            }
        }
    }

And use it like this:

    services.AddAuthorization(config =>
    {
        foreach (var policy in AppPolicies.Policies)
        {
            config.AddPolicy(policy.Key, policy.Value);
        }
    });

[Discussion]:
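
An added example, not part of either answer above, that combines the two: it registers one policy per permission key in a loop and keeps a role's permission claims in sync through `RoleManager`, as the first answer describes. `PermissionPolicies`, `RolePermissionService`, the claim value `"true"` and the use of `IdentityRole` are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
// Added example: PermissionPolicies and RolePermissionService are hypothetical names.
public static class PermissionPolicies
{
    // Same keys as the Permission class in the first answer.
    public static readonly string[] Keys =
    {
        "Permission.Roles.View", "Permission.Roles.Create", "Permission.Roles.Update",
        "Permission.Roles.Delete", "Permission.UserRole.View", "Permission.UserRole.Update"
    };

    // Call as services.AddAuthorization(PermissionPolicies.Register); policy name == permission key.
    public static void Register(AuthorizationOptions options)
    {
        foreach (var key in Keys)
            options.AddPolicy(key, p => p.RequireAuthenticatedUser().RequireClaim(key));
    }
}

public class RolePermissionService
{
    private readonly RoleManager<IdentityRole> _roles;
    public RolePermissionService(RoleManager<IdentityRole> roles) => _roles = roles;
    // Makes the role's permission claims match 'selected' (the boxes ticked on the admin screen).
    public async Task SetPermissionsAsync(string roleName, string[] selected)
    {
        // Only keys the application defines may be granted; anything else is rejected.
        var unknown = selected.Except(PermissionPolicies.Keys).ToArray();
        if (unknown.Length > 0)
            throw new ArgumentException("Unknown permission: " + string.Join(", ", unknown));
        var role = await _roles.FindByNameAsync(roleName)
                   ?? throw new InvalidOperationException("Role not found: " + roleName);
        // Consider only permission claims, so unrelated role claims are left untouched.
        var current = (await _roles.GetClaimsAsync(role))
            .Where(c => PermissionPolicies.Keys.Contains(c.Type)).ToList();
        foreach (var claim in current.Where(c => !selected.Contains(c.Type)))
            Ensure(await _roles.RemoveClaimAsync(role, claim));
        foreach (var key in selected.Except(current.Select(c => c.Type)))
            Ensure(await _roles.AddClaimAsync(role, new Claim(key, "true")));
    }
    private static void Ensure(IdentityResult r)
    {
        if (!r.Succeeded) throw new InvalidOperationException(r.ToString());
    }
}
```

With the default Identity claims principal factory, role claims are copied into the user's principal when it is built at sign-in, so a changed role takes effect for a user once they sign in again.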