ASP.NET 5 Handling Permissions with Authorize Attribute
I am struggling with the new ASP.NET 5 Authorization:
I would like to define a permission to each Action, and configure in the Database, what user / group does have which permission.
Unfortunately, I don't see a way to handle this with the new Authorize Attribute / Policies.
(Side information: I am planning to have about 100 permissions, 1000 users, 50 groups; in the past, I solved this with a custom Authorize Attribute, and the "HandleUnauthorizedRequest" method)
Abstract your permissions out to an IPermissionsProvider
, then implement it, add it to DI and inject it into the handler for your requirements.
That way inside Handle you can call out to your database with the user, and the action details from the Context parameter (you will need to cast it to Microsoft.AspNet.Mvc.Filters.AuthorizationContext
to get at the request and routing details)
上一篇: ASP.NET MVC中的自定义安全场景
下一篇: ASP.NET 5使用授权属性处理权限