Similar Topics...
 |
Custom Authorization in .NET Core In .NET Core you can create a custom 'Authorize' tag for your controller class and/or methods: (similar to overriding AuthorizeAttribute as might be done in .NET Framework) [AuthorizeAPI(Feature.User)] // or whatever string [Route("api/my")] public class MyController : Controller or [AuthorizeAPI(Feature.User)] // or whatever string [HttpGet("[action]")] public List<int> GetData() By adding the following classes: /// <summary> /// Handle custom authorization. /// </summary> public class AuthorizeAPIFeatureAttribute : TypeFilterAttribute { public AuthorizeAPIFeatureAttribute(string claimValue) : base(typeof(ClaimRequirementFilter)) { Arguments = new object[] { new Claim("", claimValue) }; } } public class ClaimRequirementFilter : IAuthorizationFilter { readonly Claim _claim; public ClaimRequirementFilter(Claim claim) { _claim = claim; } public void OnAuthorization(AuthorizationFilterContext context) { var hasClaim = _claim.Value != null; // CUSTOM LOGIC GOES HERE if (!hasClaim) { context.Result = new ForbidResult(); } } } No other registration is required.
Created By: amos 8/28/2019 10:01:04 AM
|
|
|
|
|
|