我正在使用 .NET core 3 并且對于 AuthorizationFilter 繼承了 IAuthorizationFilter。在我的頂級屬性上,我添加了自定義屬性(ModulePermission)。
我需要獲取 AuthorizeActionFilter -> OnAuthorization 函式上的屬性值。
但是,我可以訪問當前操作 customattribute(ActionPermission)。但我的頂級屬性為空。( var module = actionDescriptor.MethodInfo.GetCustomAttributes(true).FirstOrDefault(i => i is ModulePermissionAttribute); )
例子
API 控制器:
[ModulePermission(Module.Product)]
[Route("api/products")]
[ApiController]
public class ProductController : BaseApiController
{
public ProductController()
{
}
[Route(""), HttpPost, ActionPermission(Action.READ)]
public Response<Product> Get()
{
// some code
}
}
授權等級:
using System;
using System.Linq;
using System.Reflection;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
public enum Module
{
User,
Product
}
public enum Action
{
Read,
Delete,
Add,
Edit
}
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class ActionPermissionAttribute : Attribute
{
private Action _action;
public Action action { get { return action; } }
public ActionPermissionAttribute(Action action = Action.Read)
{
_action = action;
}
}
[AttributeUsage(AttributeTargets.Class, AllowMultiple = false)]
public class ModulePermissionAttribute : Attribute
{
private string _module;
public string Module { get { return _module; } }
public ModulePermissionAttribute(string module = "")
{
if (string.IsNullOrEmpty(module))
{
_module = "Novalue";
}
else
{
_module = module;
}
}
public ModulePermissionAttribute(Type module)
{
_module = module.Name;
}
}
public class AuthorizeAttribute : TypeFilterAttribute
{
public AuthorizeAttribute()
: base(typeof(AuthorizeActionFilter))
{
}
}
public class AuthorizeActionFilter : IAuthorizationFilter
{
public AuthorizeActionFilter()
{
}
public void OnAuthorization(AuthorizationFilterContext context)
{
bool isAuthorized = //check authorized or not
var actionDescriptor = (context.ActionDescriptor as ControllerActionDescriptor);
var module = actionDescriptor.MethodInfo.GetCustomAttributes<ModulePermissionAttribute>(true).FirstOrDefault(i => i is ModulePermissionAttribute);
// **here module is always null**
var method = actionDescriptor.MethodInfo.GetCustomAttributes<ActionPermissionAttribute>(false).FirstOrDefault(i => i is ActionPermissionAttribute);
// check module and method exists for the user
if (!isAuthorized)
{
context.Result = new ForbidResult();
}
}
}
uj5u.com熱心網友回復:
通過使用 EndpointMetadata 找到答案
var module = context.ActionDescriptor.EndpointMetadata.OfType<ModulePermissionAttribute>().FirstOrDefault();
希望這可以幫助某人
轉載請註明出處,本文鏈接:https://www.uj5u.com/ruanti/490306.html
標籤:C# 网 asp.net 核心 asp.net-web-api
