How to Implement Custom Authorization in ASP.NET Core Using Claims?

Use a statement in ASP.NET CORE to achieve customized authorization attributes

Background

ASP.NET CORE

provides a convenient way to operate based on declaration. However, in the previous version, you can rewrite

to achieve customized authorization logic. This method no longer exists in AuthorizeAttribute. bool AuthorizeCore(HttpContextBase httpContext) AuthorizeAttribute The current method of using strategy

ASP.NET CORE team recommends using strategies for customized authorization. The following is the process:

Define strategy in :

1. Startup.cs

   Add attribute to your operation or controller:

   <code class="language-csharp"> options.AddPolicy("YourPolicyName", policy => policy.RequireClaim(...));</code>

2. [Authorize] Using the customized authorization attributes of the statement

   <code class="language-csharp"> [Authorize(Policy = "YourPolicyName")]
    public IActionResult Action(...)</code>

   If the strategy -based method is not applicable, you can use the
interface to create a custom

:

How to use examples: IAuthorizationFilter AuthorizeAttribute

By implementing the

<code class="language-csharp">public class ClaimRequirementAttribute : TypeFilterAttribute
{
    public ClaimRequirementAttribute(string claimType, string claimValue) : base(typeof(ClaimRequirementFilter))
    {
        Arguments = new object[] { new Claim(claimType, claimValue) };
    }
}

public class ClaimRequirementFilter : IAuthorizationFilter
{
    private readonly Claim _claim;

    public ClaimRequirementFilter(Claim claim)
    {
        _claim = claim;
    }

    public void OnAuthorization(AuthorizationFilterContext context)
    {
        bool hasClaim = context.HttpContext.User.Claims.Any(c => c.Type == _claim.Type && c.Value == _claim.Value);
        if (!hasClaim)
        {
            context.Result = new ForbidResult();
        }
    }
}</code>

method in your filter, you can specify the authorization logic according to the statement.

The above is the detailed content of How to Implement Custom Authorization in ASP.NET Core Using Claims?. For more information, please follow other related articles on the PHP Chinese website!