[我知道我只是在这里错过了一些愚蠢的事情,但是在F#中我还没有这样做,所以有点麻烦。
[我正在尝试使用带有F#的ASP.Net Core 3中内置的api测试策略。这是我在Startup.fs中的MVC和来自ConfigureServices方法的授权中的配置代码:
controllerBuilder.AddMvcOptions(fun config ->
let genPolicy = (new AuthorizationPolicyBuilder()).RequireAuthenticatedUser().Build()
config.Filters.Add(new AuthorizeFilter(genPolicy))
)|> ignore
services.AddResponseCaching() |> ignore
services.AddAuthorization(fun config ->
let driverPolicy = (new AuthorizationPolicyBuilder()).RequireClaim("role",["Driver"]).Build()
let dispatcherPolicy = (new AuthorizationPolicyBuilder()).RequireClaim("role",["Dispatcher"]).Build()
let adminPolicy = (new AuthorizationPolicyBuilder()).RequireClaim("role",["Admin"]).Build()
config.AddPolicy("Driver",driverPolicy)
config.AddPolicy("Dispatcher",dispatcherPolicy)
config.AddPolicy("Admin",adminPolicy)) |> ignore
当然,在configure方法中,我还有以下内容:
app.UseAuthorization() |> ignore
现在,我期望我能够像这样在控制者级别通过属性应用这些策略:
[<ApiController>]
[<Authorize(Policy = "Driver")>]
[<Route("api"+CollectionDriverHateoas.myActiveRouteStopsRoot)>]
type MyActiveRouteStopsController private () =
inherit ControllerBase()
new (configuration: IConfiguration, logger : ILogger<MyActiveRouteStopsController>) as this =
MyActiveRouteStopsController() then
this._configuration <- configuration
member val private _configuration : IConfiguration = null with get, set
member private this.getConnStr = this._configuration.getDbConnection()
但是...目前无法正常工作,它拒绝具有所需角色的用户。这是JWT拒绝的有效负载的一部分。您可以看到它具有角色的声明,其值为Driver。
{
"userName": "rhicks",
"isInternal": "True",
"tokenId": "6f074456-d80e-4dce-b689-49d55b989561",
"role": "Driver"
}
我将使用C#中的相同代码进行快速测试,以查看我是否只是错过了一步,但是任何帮助都会有用。
因此,在设置自定义要求后,很清楚这里发生了什么。如果您添加名称为'role'的声明,该声明将被替换为'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'。为了避免一般情况下的问题,请尽可能使用提供的ClaimTypes ...