In .NET 8.0, authorization policies are a powerful mechanism for defining and applying complex authorization rules. A policy can control access to a resource based on user roles, claims, custom requirements, and more.
The steps below show how to configure and use authorization policies in .NET 8.0:
1. Install the necessary NuGet package
Make sure the Microsoft.AspNetCore.Authorization package is installed; it is normally already included in an ASP.NET Core project.
2. Configure the authorization policies
Configure the policies in Program.cs (or Startup.cs):
```csharp
using Microsoft.AspNetCore.Authorization;

var builder = WebApplication.CreateBuilder(args);

// Register the authorization services and define the named policies
builder.Services.AddAuthorization(options =>
{
    // Role-based policy: the principal must carry the "Admin" role
    options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin"));
    // Requirement-based policy: evaluated by MinimumAgeHandler (step 3)
    options.AddPolicy("Over21", policy => policy.Requirements.Add(new MinimumAgeRequirement(21)));
});

// Register the handler for the custom requirement
builder.Services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();
builder.Services.AddControllers();

var app = builder.Build();

// Authentication must run before authorization so that the policies see the
// authenticated principal; an authentication scheme (for example JWT bearer,
// matching the tokens issued in step 5) must be registered with AddAuthentication.
app.UseAuthentication();
// Enable the authorization middleware
app.UseAuthorization();
app.MapControllers();
app.Run();
```
3. Create the custom requirement and its handler
Create a custom requirement and a handler that evaluates it:
```csharp
using Microsoft.AspNetCore.Authorization;

// The requirement only carries data; it has no logic of its own
public class MinimumAgeRequirement : IAuthorizationRequirement
{
    public int MinimumAge { get; }

    public MinimumAgeRequirement(int minimumAge)
    {
        MinimumAge = minimumAge;
    }
}

// The handler must be generic over the requirement type so that the
// authorization service dispatches this requirement to it
public class MinimumAgeHandler : AuthorizationHandler<MinimumAgeRequirement>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MinimumAgeRequirement requirement)
    {
        var ageClaim = context.User.FindFirst(c => c.Type == "Age");

        // Succeed only when the claim exists, parses as an integer and meets the minimum;
        // in every other case the requirement is simply left unmet, which denies access
        if (ageClaim != null && int.TryParse(ageClaim.Value, out int age) && age >= requirement.MinimumAge)
        {
            context.Succeed(requirement);
        }

        return Task.CompletedTask;
    }
}
```
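A practitioner will want to confirm that the handler denies on every malformed input, not just on an age below the threshold. The following xUnit test is an added example, not part of the original article: it builds the same service registrations as Program.cs, resolves the real IAuthorizationService, and evaluates the "Over21" policy against constructed principals (the test class name and the "Test" authentication type are assumptions).

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Xunit;

public class MinimumAgePolicyTests
{
    // Mirrors the registrations from Program.cs so the test exercises the real
    // policy evaluation pipeline instead of calling the handler directly.
    private static IAuthorizationService BuildService()
    {
        var services = new ServiceCollection();
        services.AddLogging(); // DefaultAuthorizationService depends on ILogger
        services.AddAuthorization(options =>
        {
            options.AddPolicy("Over21", policy => policy.Requirements.Add(new MinimumAgeRequirement(21)));
        });
        services.AddSingleton<IAuthorizationHandler, MinimumAgeHandler>();
        return services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();
    }

    // Constructed principal; the authentication type makes IsAuthenticated true
    private static ClaimsPrincipal UserWith(params Claim[] claims) =>
        new ClaimsPrincipal(new ClaimsIdentity(claims, authenticationType: "Test"));

    [Theory]
    [InlineData("21", true)]   // boundary: exactly the minimum age is allowed
    [InlineData("20", false)]  // below the minimum is denied
    [InlineData("abc", false)] // non-numeric claim value is denied, not treated as 0
    [InlineData("-5", false)]  // negative value is denied
    public async Task Over21_policy_decides_on_age_claim(string ageValue, bool expected)
    {
        var service = BuildService();
        var user = UserWith(new Claim("Age", ageValue));
        var result = await service.AuthorizeAsync(user, resource: null, policyName: "Over21");
        Assert.Equal(expected, result.Succeeded);
    }

    [Fact]
    public async Task Over21_policy_denies_when_claim_is_missing()
    {
        var service = BuildService();
        // Authenticated user without any Age claim: the requirement is never satisfied
        var user = UserWith(new Claim(ClaimTypes.Name, "alice"));
        var result = await service.AuthorizeAsync(user, resource: null, policyName: "Over21");
        Assert.False(result.Succeeded);
    }
}
```

Because the handler never calls context.Fail, a second handler for the same requirement could still succeed it; if that is not intended, register only one handler per requirement.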
4. Apply the policies in a controller
Apply a policy to a controller or to an individual action:
```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;

[ApiController]
[Route("api/[controller]")]
public class AdminController : ControllerBase
{
    // Only principals in the "Admin" role reach this action
    [HttpGet]
    [Authorize(Policy = "AdminOnly")]
    public IActionResult Get()
    {
        return Ok("Admin access granted");
    }

    // Evaluated by MinimumAgeHandler against the "Age" claim
    [HttpGet("over21")]
    [Authorize(Policy = "Over21")]
    public IActionResult GetOver21()
    {
        return Ok("Access granted for users over 21");
    }
}
```
5. Populate the user's claims
When issuing the JWT, make sure it carries the claims the policies rely on, such as the age claim:
```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using Microsoft.IdentityModel.Tokens;

public string GenerateJwtToken(string userId, int age, string issuer, string audience, string key)
{
    // Symmetric HMAC-SHA256 signing key; the same key is used for validation
    var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(key));
    var credentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

    var claims = new[]
    {
        new Claim(JwtRegisteredClaimNames.Sub, userId),
        // Claim type must match the one MinimumAgeHandler looks up ("Age")
        new Claim("Age", age.ToString()),
        new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
    };

    var token = new JwtSecurityToken(
        issuer: issuer,
        audience: audience,
        claims: claims,
        expires: DateTime.Now.AddMinutes(30),
        signingCredentials: credentials);

    return new JwtSecurityTokenHandler().WriteToken(token);
}
```
With these steps you can configure and use authorization policies in .NET 8.0 to implement complex authorization logic.