以下是一个使用ASP.NET Core的代码示例,演示了如何配置声明和基于角色的授权。
首先,在Startup.cs文件中,在ConfigureServices方法中添加以下代码:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;
public class Startup
{
    /// <summary>
    /// Registers MVC with a global authorization filter so that every action
    /// requires an authenticated caller by default (fail closed). Individual
    /// actions can opt out with [AllowAnonymous].
    /// </summary>
    /// <param name="services">The application's service collection.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // Build the default policy once. It only demands an authenticated
        // principal; role and claim checks are applied per action via [Authorize].
        var requireAuthenticated = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        var globalAuthorizeFilter = new AuthorizeFilter(requireAuthenticated);

        services.AddMvc(mvcOptions => mvcOptions.Filters.Add(globalAuthorizeFilter));
    }

    /// <summary>
    /// Configures the request pipeline. Authentication middleware must run
    /// before MVC so the user principal is populated by the time the global
    /// authorization filter evaluates the request.
    /// </summary>
    /// <param name="app">The application builder.</param>
    /// <param name="env">The hosting environment (not used in this snippet).</param>
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Other pipeline configuration omitted.
        // NOTE(review): the matching services.AddAuthentication(...) scheme
        // registration is not shown on this page; UseAuthentication has nothing
        // to run without it -- confirm it exists in the omitted code.
        app.UseAuthentication();
        app.UseMvc();
    }
}
然后,创建一个自定义的控制器,例如HomeController.cs,代码如下:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
public class HomeController : Controller
{
    /// <summary>
    /// Role-based authorization: only principals that carry the "Admin" role
    /// reach this action; the authorization filter rejects every other caller
    /// before the body runs.
    /// </summary>
    /// <returns>The AdminPage view.</returns>
    [Authorize(Roles = "Admin")]
    public IActionResult AdminPage() => View();

    /// <summary>
    /// Claim-based authorization: evaluates the "RequireEmail" policy, which
    /// must be registered under exactly that name in services.AddAuthorization.
    /// </summary>
    /// <returns>The EmailPage view.</returns>
    [Authorize(Policy = "RequireEmail")]
    public IActionResult EmailPage() => View();
}
接下来,在Startup.cs文件的ConfigureServices方法中,添加以下代码来配置声明授权:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;
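public class Startup
{
    /// <summary>
    /// Registers MVC together with the global authenticated-user filter from
    /// the first listing (so the fail-closed default is not lost when this
    /// snippet is copied on its own) and defines the "RequireEmail" policy
    /// referenced by [Authorize(Policy = "RequireEmail")] on HomeController.EmailPage.
    /// </summary>
    /// <param name="services">The application's service collection.</param>
    public void ConfigureServices(IServiceCollection services)
    {
        // Keep the global filter: without it, any action that lacks an
        // [Authorize] attribute would be reachable anonymously.
        var requireAuthenticated = new AuthorizationPolicyBuilder()
            .RequireAuthenticatedUser()
            .Build();
        services.AddMvc(config => config.Filters.Add(new AuthorizeFilter(requireAuthenticated)));

        // Claim-based authorization.
        services.AddAuthorization(options =>
        {
            // RequireClaim("email") only checks that a claim of that type is
            // present (any value); it does not validate the address itself.
            // The claim type string must match what the authentication handler
            // issues -- with default inbound claim mapping this may be
            // ClaimTypes.Email rather than the short "email" name; verify
            // against the configured scheme.
            options.AddPolicy("RequireEmail", policy => policy.RequireClaim("email"));
        });
    }

    // Other configuration (the Configure method) omitted.
}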
最后,在视图文件中,例如AdminPage.cshtml和EmailPage.cshtml,可以使用[Authorize]
属性来限制访问:
@* AdminPage.cshtml: this view is rendered only after the
   [Authorize(Roles = "Admin")] filter on HomeController.AdminPage has
   passed; the view itself performs no authorization check. *@
@{
ViewData["Title"] = "Admin Page";
}
Welcome to the Admin Page!
@* EmailPage.cshtml: reached only through HomeController.EmailPage, which
   is guarded by [Authorize(Policy = "RequireEmail")]; nothing in the view
   enforces the policy. *@
@{
ViewData["Title"] = "Email Page";
}
Welcome to the Email Page!
这样,AdminPage方法只允许具有"Admin"角色的用户访问,而EmailPage方法只允许具有"email"声明的用户访问。