ASP.NET Core的多个作用域的ClaimsAuthorizationRequirement可以按预期工作,以下是一个包含代码示例的解决方法:
在Startup.cs文件中,添加以下代码以配置多个作用域的ClaimsAuthorizationRequirement:
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
public void ConfigureServices(IServiceCollection services)
{
// 添加身份验证服务
services.AddAuthentication(options =>
{
options.DefaultScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(options =>
{
// 配置JWT Bearer认证选项
// ...
});
// 添加授权服务
services.AddAuthorization(options =>
{
options.AddPolicy("Policy1", policy =>
{
policy.Requirements.Add(new ClaimsAuthorizationRequirement("Scope1", new[] { "Value1", "Value2" }));
});
options.AddPolicy("Policy2", policy =>
{
policy.Requirements.Add(new ClaimsAuthorizationRequirement("Scope2", new[] { "Value3", "Value4" }));
});
});
// 添加自定义授权处理程序
services.AddSingleton();
// 添加其他服务
// ...
}
然后,创建一个自定义的AuthorizationHandler来处理授权逻辑,例如:
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
public class CustomAuthorizationHandler : AuthorizationHandler
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ClaimsAuthorizationRequirement requirement)
{
// 获取当前用户的Claims
var claims = context.User.Claims;
// 判断是否满足指定的作用域和值
if (claims.Any(c => c.Type == requirement.ClaimType && requirement.AllowedValues.Contains(c.Value)))
{
context.Succeed(requirement);
}
return Task.CompletedTask;
}
}
在控制器或具体的方法中,使用Authorize属性来应用不同的授权策略,例如:
[Authorize(Policy = "Policy1")]
public IActionResult Action1()
{
// ...
}
[Authorize(Policy = "Policy2")]
public IActionResult Action2()
{
// ...
}
通过上述配置和代码,当用户拥有指定作用域和值的Claims时,他们将被授权访问相应的方法。