我正在尝试在 ASP.NET Web API 中通过特性(Attribute)来设置操作过滤器。
这是过滤器
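/// <summary>
/// Authorization filter that is handed the permissions required by the decorated
/// action or controller. The permission check itself is still a TODO.
/// </summary>
public class PermissionRequirementFilter : IAuthorizationFilter
{
    private readonly string[] _permissions;

    /// <summary>Creates the filter for one set of required permissions.</summary>
    /// <param name="permissions">Permission names the caller must hold.</param>
    /// <exception cref="ArgumentNullException"><paramref name="permissions"/> is null.</exception>
    public PermissionRequirementFilter(string[] permissions)
    {
        // Reject a missing list up front instead of failing later inside the authorization path.
        _permissions = permissions ?? throw new ArgumentNullException(nameof(permissions));
    }

    /// <summary>
    /// Reads the caller's claims and resolves <c>IntegrationContext</c> from the request services.
    /// </summary>
    /// <param name="context">Authorization context of the current request.</param>
    /// <exception cref="InvalidOperationException"><c>IntegrationContext</c> is not registered.</exception>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var claim = context.HttpContext.User.Claims;

        // An unregistered service throws, so the request fails instead of continuing unchecked.
        var service = context.HttpContext.RequestServices.GetService<IntegrationContext>() ?? throw new InvalidOperationException();

        // FirstOrDefault reads only the first "extension_Role" claim; any further role claims are ignored.
        var roleClaim = claim.FirstOrDefault(c => c.Type == "extension_Role");

        // NOTE(review): nothing here assigns context.Result, so as written the filter lets
        // every request through. The finished check should deny by default: treat a null
        // roleClaim or any unmet entry in _permissions as a failure and set context.Result
        // (e.g. a ForbidResult) so the action does not run.
        //TODO Rest of logic here
    }
}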
这是特性(Attribute)
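/// <summary>
/// Declares the permissions an action or controller requires and delegates the check to
/// <c>PermissionRequirementFilter</c>, which the framework builds per request via
/// <c>TypeFilterAttribute</c>.
/// </summary>
// NOTE(review): Inherited = false — a derived controller or overriding action presumably does
// not pick this requirement up from its base; confirm that is intended for an access check.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = false)]
public class RequiredPermissionAttribute : TypeFilterAttribute
{
    /// <param name="permissions">Permission names forwarded to the filter's constructor.</param>
    public RequiredPermissionAttribute(string[] permissions) : base(typeof(PermissionRequirementFilter))
    {
        // Arguments holds the constructor arguments for the filter type. The array is wrapped
        // in an object[] so it arrives as ONE string[] argument; assigning it directly would
        // spread each permission out as a separate constructor argument.
        Arguments = new object[] { permissions };
    }
}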
这是我想在控制器中使用它的方式。
/// <summary>
/// Sample controller showing how the permission attribute is meant to be applied.
/// </summary>
[ApiController]
[Route("[controller]")]
// NOTE(review): the "AllowAll" CORS policy is defined elsewhere; if it really allows any
// origin, confirm that is intended for an endpoint guarded by permission checks.
[EnableCors("AllowAll")]
public class AbcController : ControllerBase
{
    /// <summary>Returns a fixed test payload.</summary>
    // Do not rely on the order these attributes are written in to decide which check runs
    // first; the permission filter should not assume [Authorize] has already passed.
    [HttpGet]
    [RequiredPermission(new[] { "permission_1", "permission_2" })]
    [Authorize]
    public async Task<ActionResult> Get() => Ok("test");
}
我已经尝试过这种写法的多种变体,但如果不注册过滤器,代码似乎始终无法命中过滤器(而注册之后又无法使用特性中传入的数据)。
大家有什么想法吗?
这是我找到的最好的方法
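/// <summary>
/// Attribute that is itself the authorization filter: it carries the required permissions
/// and runs <see cref="OnAuthorization"/> for the decorated action or controller.
/// The permission check itself is still a TODO.
/// </summary>
// NOTE(review): Inherited = false — a derived controller or overriding action presumably does
// not pick this requirement up from its base; confirm that is intended for an access check.
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = false)]
public class RequiredPermissionAttribute : Attribute, IAuthorizationFilter
{
    /// <summary>Permission names the caller must hold.</summary>
    public string[] Permissions { get; }

    /// <param name="permissions">Required permission names; may be listed as separate arguments.</param>
    /// <exception cref="ArgumentNullException"><paramref name="permissions"/> is null.</exception>
    public RequiredPermissionAttribute(params string[] permissions)
    {
        // params still accepts an explicit null array; reject it here rather than in the
        // authorization path. NOTE(review): an empty list is accepted — decide whether
        // "no permissions listed" should mean allow or deny.
        Permissions = permissions ?? throw new ArgumentNullException(nameof(permissions));
    }

    /// <summary>
    /// Reads the caller's claims and resolves <c>IntegrationContext</c> from the request services.
    /// </summary>
    /// <param name="context">Authorization context of the current request.</param>
    /// <exception cref="InvalidOperationException"><c>IntegrationContext</c> is not registered.</exception>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        var claim = context.HttpContext.User.Claims;

        // The attribute cannot take injected constructor arguments, so the service is looked up
        // per request; an unregistered service throws and the request fails instead of
        // continuing unchecked.
        var service = context.HttpContext.RequestServices.GetService<IntegrationContext>() ?? throw new InvalidOperationException();

        // NOTE(review): nothing here assigns context.Result, so as written every request is
        // let through, including unauthenticated ones when the action has no [Authorize].
        // The finished check should deny by default: verify the user is authenticated, compare
        // the claims with Permissions, and set context.Result (e.g. a ForbidResult) on failure.
        //TODO
    }
}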
在控制器中
/// <summary>Returns a fixed test payload.</summary>
// NOTE(review): no [Authorize] is applied on this action, so unless authentication is
// enforced elsewhere (controller level or a global policy, not shown), RequiredPermission
// is the only gate here and must reject unauthenticated callers itself.
[HttpGet]
[RequiredPermission("Permission1", "Permission2")]
public async Task<ActionResult> Get() => Ok("test");