based Authorization for multiple Claims in Asp.net Core

Got help from this article:

https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies

I tried to create some policies for my actions , but in some actions I want to have multiple policies , and if user has either of them, they can have access to Actions of controller :

    [Authorize(Policy = "CanAccessMenu1")]
    [Authorize(Policy = "CanAccessMenu2")]
 public async Task<IActionResult> ActionFroMultiplePolicies([FromBody] ActionRequest request)
        {
//..............
}

how can I merge this policies ? can I use something like this?

[Authorize(Policy = "CanAccessMenu1, CanAccessMenu2")]

In this case , maybe I need to have some changes in this override functions. But I dont have any idea about that :

Protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CanAccessRequirement requirement)
        {
        }

Thanks for any help


Not the way you want; policies are designed to be cumulative. For example if you use two separate attributes then they must both pass.

You have to evaluate OR conditions within a single policy. But you don't have to code it as ORs within a single handler. You can have a requirement which has more than one handler. If either of the handlers flag success then the requirement is fulfilled. See Step 6 in blowdart's Authoriation Workshop.

链接地址: http://www.djcxy.com/p/90186.html

上一篇: 查询数据库以获取ASP.NET Core中的每个操作之前的角色授权

下一篇: 在Asp.net Core中为多个声明提供基于授权的授权