public LoginController(ISysUserInfoServices sysUserInfoServices, IUserRoleServices userRoleServices, IRoleServices roleServices, PermissionRequirement requirement) { _sysUserInfoServices = sysUserInfoServices; _requirement = requirement; _roleServices = roleServices; _userRoleServices = userRoleServices; }
/// <summary> /// 构造函数注入 /// </summary> /// <param name="sysUserInfoServices"></param> /// <param name="userRoleServices"></param> /// <param name="roleServices"></param> /// <param name="requirement"></param> public LoginController(IsysUserInfoServices sysUserInfoServices, IUserRoleServices userRoleServices, IRoleServices roleServices, PermissionRequirement requirement) { this.sysUserInfoServices = sysUserInfoServices; this.userRoleServices = userRoleServices; this.roleServices = roleServices; _requirement = requirement; }
/// <summary> /// 自定义的一组授权策略,组名 Permission【Permissions.Name】,组内角色:自定义 /// </summary> /// <param name="services"></param> public static void AddCustomAuthorization(this IServiceCollection services) { //读取配置文件 var symmetricKeyAsBase64 = AppSecretConfig.Audience_Secret_String; var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64); var signingKey = new SymmetricSecurityKey(keyByteArray); var Issuer = Appsettings.app(new string[] { "Audience", "Issuer" }); var Audience = Appsettings.app(new string[] { "Audience", "Audience" }); var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); // 如果要数据库动态绑定,这里先留个空,后边处理器里动态赋值 var permission = new List <PermissionItem>(); // 角色与接口的权限要求参数 PermissionRequirement permissionRequirement = new PermissionRequirement( deniedAction: "/api/denied", // 拒绝授权的跳转地址(目前无用) permissions: permission, claimType: ClaimTypes.Role, //基于角色的授权 issuer: Issuer, //发行人 audience: Audience, //听众 signingCredentials: signingCredentials, //签名凭据 expiration: TimeSpan.FromSeconds(60 * 60) //接口的过期时间 ); services.AddAuthorization(options => { options.AddPolicy(Permissions.Name, policy => policy.Requirements.Add(permissionRequirement)); }); // 替换默认的授权过滤器权限处理器,先把 permissionRequirement 注册单例 services.AddSingleton(permissionRequirement); services.AddSingleton <IAuthorizationHandler, PermissionHandler>(); }
/// <summary> /// 初始化 /// </summary> /// <param name="requirement"></param> /// <param name="userService"></param> /// <param name="userLogonService"></param> /// <param name="mapper"></param> public LoginController(PermissionRequirement requirement, ISysUserService userService, ISysUserLogonService userLogonService, IMapper mapper) { _requirement = requirement; _userService = userService; _userLogonService = userLogonService; _mapper = mapper; }
public AuthRepository(PermissionRequirement requirement, RedisClient redisClient, IConfig config, IEventBus eventBus) { _requirement = requirement; _redisClient = redisClient; _config = config; _eventBus = eventBus; }
public EFCoreTestController(PermissionRequirement permissionRequirement, IMainServices iMainServices , IChildrenServices iChildrenServices) { _permissionRequirement = permissionRequirement; _iMainServices = iMainServices; _iChildrenServices = iChildrenServices; }
/// <summary> /// 依赖注入 /// </summary> /// <param name="userService"></param> /// <param name="requirement"></param> /// <param name="cacheService"></param> public LoginController(IUserService userService, PermissionRequirement requirement, IServiceProvider cacheService) { _userService = userService; _requirement = requirement; _cacheRedis = cacheService.GetService <RedisCacheService>(); _cacheMemory = cacheService.GetService <MemoryCacheService>(); }
/// <summary> /// 获取基于JWT的Token /// </summary> /// <param name="claims">需要在登陆的时候配置</param> /// <param name="permissionRequirement">在startup中定义的参数</param> /// <returns></returns> public static TokenInfoViewModel BuildJwtToken(Claim[] claims, PermissionRequirement permissionRequirement) { var now = DateTime.Now; // 实例化JwtSecurityToken var jwt = new JwtSecurityToken( issuer: permissionRequirement.Issuer, audience: permissionRequirement.Audience, claims: claims, notBefore: now, expires: now.Add(permissionRequirement.Expiration), signingCredentials: permissionRequirement.SigningCredentials ); // 生成 Token var encodedJwt = new JwtSecurityTokenHandler().WriteToken(jwt); //打包返回前台 var responseJson = new TokenInfoViewModel { success = true, token = encodedJwt, expires_in = permissionRequirement.Expiration.TotalSeconds, token_type = "Bearer" }; return(responseJson); }
public void ConfigureServices(IServiceCollection services) { services.AddMvc(); services.AddAuthorization(options => { //这个集合模拟用户权限表,可从数据库中查询出来 var permission = new List <Permission> { new Permission { Url = "/", Name = "admin" }, new Permission { Url = "/home/permissionadd", Name = "admin" }, new Permission { Url = "/", Name = "system" }, new Permission { Url = "/home/contact", Name = "system" } }; //如果第三个参数,是ClaimTypes.Role,上面集合的每个元素的Name为角色名称,如果ClaimTypes.Name,即上面集合的每个元素的Name为用户名 var permissionRequirement = new PermissionRequirement("/denied", permission, ClaimTypes.Role); options.AddPolicy("Permission", policy => policy.Requirements.Add(permissionRequirement)); }).AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options => { options.LoginPath = new PathString("/login"); options.AccessDeniedPath = new PathString("/denied"); }); //注入授权Handler services.AddSingleton <IAuthorizationHandler, PermissionHandler>(); }
/// <summary> /// 构造函数注入 /// </summary> /// <param name="sysUserInfoServices"></param> /// <param name="userRoleServices"></param> /// <param name="roleServices"></param> /// <param name="requirement"></param> public LoginController(IUserInfoService sysUserInfoServices, IUserRoleService userRoleServices, IRoleInfoService roleServices, PermissionRequirement requirement) { this._userInfoService = sysUserInfoServices; this._userRoleService = userRoleServices; this._roleService = roleServices; _requirement = requirement; }
/// <summary> /// 配置服务 /// </summary> public void ConfigureServices(IServiceCollection services) { // auth 默认配置 var audienceConfig = Configuration.GetSection("Audience"); var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(audienceConfig["Secret"])), SecurityAlgorithms.HmacSha256); var permissionRequirement = new PermissionRequirement(audienceConfig["Issuer"], audienceConfig["Audience"], signingCredentials, TimeSpan.FromHours(4)); services.AddSingleton(permissionRequirement); // 添加基础设施服务 services.AddBucket(); // 添加数据ORM services.AddSQLSugarClient <SqlSugarClient>(config => { config.ConnectionString = Configuration.GetSection("SqlSugarClient")["ConnectionString"]; config.DbType = DbType.MySql; config.IsAutoCloseConnection = false; config.InitKeyType = InitKeyType.Attribute; }); // 添加错误码服务 services.AddErrorCodeServer(Configuration); // 添加配置服务 services.AddConfigService(Configuration); // 添加事件驱动 services.AddEventBus(builder => { builder.UseRabbitMQ(Configuration); }); // 添加服务发现 services.AddServiceDiscovery(builder => { builder.UseConsul(Configuration); }); // 添加事件队列日志 services.AddEventLog(); // 添加链路追踪 services.AddTracer(Configuration); services.AddEventTrace(); // 添加业务注册 services.AddScoped <IAuthBusiness, AuthBusiness>(); // 添加过滤器 services.AddMvc(options => { options.Filters.Add(typeof(WebApiActionFilterAttribute)); }).AddJsonOptions(options => { options.SerializerSettings.ContractResolver = new DefaultContractResolver(); options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss.fff"; }); // 添加接口文档 services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "品值认证授权中心", Version = "v1" }); c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Pinzhi.Identity.WebApi.xml")); // Swagger验证部分 c.AddSecurityDefinition("Bearer", new ApiKeyScheme { In = "header", Description = "请输入带有Bearer的Token", Name = "Authorization", Type = "apiKey" }); c.AddSecurityRequirement(new Dictionary <string, IEnumerable <string> > { { "Bearer", Enumerable.Empty <string>() } }); }); // 添加工具 services.AddUtil(); }
public static void AddAuthorizationSetup(this IServiceCollection services) { if (services == null) { throw new ArgumentNullException(nameof(services)); } //读取配置 var symmetricKeyAsBase64 = Appsettings.app("Audience", "Secret"); var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64); var signingKey = new SymmetricSecurityKey(keyByteArray); //令牌验证参,之前写在AddJwtBearer里面 var tokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, //验证发行人的签名秘钥 IssuerSigningKey = signingKey, ValidateIssuer = true, //验证发行人 ValidIssuer = Appsettings.app("Audience", "Issuer"), ValidateAudience = true, //验证订阅人 ValidateLifetime = true, //验证生命周期 ClockSkew = TimeSpan.Zero, //定义的过期缓存时间 RequireExpirationTime = true, //是否要求过期 }; var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); //数据库动态绑定 var permission = new List <PermissionItem>(); //角色与接口的权限要求参数 var permissionRequirenment = new PermissionRequirement( "拒绝授权的跳转地址", //(目前无用) permission, ClaimTypes.Role, //角色授权, Appsettings.app("Audience", "Issuer"), //发行人 Appsettings.app("Audience", "Audience"), //订阅人 signingCredentials, expiration: TimeSpan.FromSeconds(60 * 2) ///接口的过期时间,注意这里没有了缓冲时间, //你也可以自定义,在上边的TokenValidationParameters的 ClockSkew ); // ① 核心之一,配置授权服务,也就是具体的规则,已经对应的权限策略,比如公司不同权限的门禁卡 services.AddAuthorization(options => { options.AddPolicy("Client", policy => policy.RequireRole("Client").Build()); options.AddPolicy("Admin", policy => policy.RequireRole("Admin").Build()); options.AddPolicy("SystemOrAdmin", policy => policy.RequireRole("Admin", "System")); }) .AddAuthentication(x => { x.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; x.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(o => { o.TokenValidationParameters = tokenValidationParameters; }); services.AddSingleton <IAuthorizationHandler, PermissionHandler>(); //将授权的必要类注入生命周期 services.AddSingleton(permissionRequirenment); }
// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { // 定义角色 var audience = Configuration.GetSection("Audience")["Audience"]; var secret = Configuration.GetSection("Audience")["Secret"]; var issuer = Configuration.GetSection("Audience")["Issuer"]; //对称加密 var signingKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(secret)); //签署凭证 var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256); var userPerssions = new List <UserPermission> { new UserPermission { Url = "/weatherforecast", Name = "admin" } }; // 权限设置 var permissionRequirement = new PermissionRequirement("/denied", userPerssions, ClaimTypes.Role, issuer, audience, signingCredentials, TimeSpan.FromSeconds(1000)); services.AddAuthorization(opt => { opt.AddPolicy("Permission", policy => { policy.Requirements.Add(permissionRequirement); }); }) .AddAuthentication(opt => { opt.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; opt.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; }) .AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, opt => { opt.RequireHttpsMetadata = false; opt.TokenValidationParameters = new TokenValidationParameters { ValidateIssuerSigningKey = true, IssuerSigningKey = signingKey, ValidateIssuer = true, ValidIssuer = issuer, ValidateAudience = true, ValidAudience = audience, ValidateLifetime = true, ClockSkew = TimeSpan.Zero, RequireExpirationTime = true }; }); services.AddSingleton <IAuthorizationHandler, PermissionHandler>(); services.AddSingleton(permissionRequirement); services.AddControllers(opt => { opt.EnableEndpointRouting = false; }); }
public LoginController(ILogger <LoginController> logger, IUserServices services, ICache cache, PermissionRequirement requirement, IoperatingLogServices ioperatingLogServices) { this.logger = logger; this.services = services; this.cache = cache; this.requirement = requirement; this.ioperatingLogServices = ioperatingLogServices; }
public EFCoreTestController(PermissionRequirement permissionRequirement, IMainServices iMainServices/*, AuthorDomainSvc authorDomainSvc*/ , IChildrenServices iChildrenServices) { _permissionRequirement = permissionRequirement; //_authorDomainSvc = authorDomainSvc; _iMainServices = iMainServices; _iChildrenServices = iChildrenServices; }
public RequiresPermissionAttributeImpl(ILogger <RequiresPermissionAttribute> logger, IAuthorizationService authService, PermissionRequirement permissionRequirement) { _logger = logger; _authService = authService; _permissionRequirement = permissionRequirement; }
/// <summary> /// 构造函数注入 /// </summary> /// <param name="SysAdminRepository"></param> /// <param name="userRoleRepository"></param> /// <param name="roleRepository"></param> /// <param name="requirement"></param> public LoginController(ISysAdminRepository SysAdminRepository, IUserRoleRepository userRoleRepository, IRoleRepository roleRepository, PermissionRequirement requirement, ITeacherRepository iTeacherRepository) { this._SysAdminRepository = SysAdminRepository; this._userRoleRepository = userRoleRepository; this._roleRepository = roleRepository; this._requirement = requirement; this._iTeacherRepository = iTeacherRepository; }
/// <summary> /// 构造函数注入 /// </summary> /// <param name="sysUserInfoServices"></param> /// <param name="userRoleServices"></param> /// <param name="roleServices"></param> /// <param name="requirement"></param> /// <param name="roleModulePermissionServices"></param> public LoginController(ISysUserInfoServices sysUserInfoServices, IUserRoleServices userRoleServices, IRoleServices roleServices, PermissionRequirement requirement, IRoleModulePermissionServices roleModulePermissionServices) { this._sysUserInfoServices = sysUserInfoServices; this._userRoleServices = userRoleServices; this._roleServices = roleServices; _requirement = requirement; _roleModulePermissionServices = roleModulePermissionServices; }
/// <summary> /// 构造函数注入 /// </summary> /// <param name="mapper"></param> /// <param name="userSvc"></param> /// <param name="roleSvc"></param> /// <param name="menuSvc"></param> /// <param name="requirement"></param> public LoginController(IMapper mapper, IUserSvc userSvc, IRoleSvc roleSvc, IMenuSvc menuSvc, PermissionRequirement requirement) { _mapper = mapper; _userSvc = userSvc; _roleSvc = roleSvc; _menuSvc = menuSvc; _requirement = requirement; }
/// <summary> /// 配置服务 /// </summary> public void ConfigureServices(IServiceCollection services) { // auth 默认配置 var audienceConfig = Configuration.GetSection("Audience"); var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(Encoding.ASCII.GetBytes(audienceConfig["Secret"])), SecurityAlgorithms.HmacSha256); var permissionRequirement = new PermissionRequirement(audienceConfig["Issuer"], audienceConfig["Audience"], signingCredentials, TimeSpan.FromHours(4)); services.AddSingleton(permissionRequirement); // 添加基础设施服务 services.AddBucket(); // 添加数据ORM services.AddSQLSugarClient <SqlSugarClient>(config => { config.ConnectionString = Configuration.GetSection("SqlSugarClient")["ConnectionString"]; config.DbType = DbType.MySql; config.IsAutoCloseConnection = false; config.InitKeyType = InitKeyType.Attribute; }); // 添加错误码服务 services.AddErrorCodeService(Configuration); // 添加配置服务 services.AddConfigService(Configuration); // 添加事件驱动 var eventConfig = Configuration.GetSection("EventBus").GetSection("RabbitMQ"); services.AddEventBus(option => { option.UseRabbitMQ(opt => { opt.HostName = eventConfig["HostName"]; opt.Port = Convert.ToInt32(eventConfig["Port"]); opt.ExchangeName = eventConfig["ExchangeName"]; opt.QueueName = eventConfig["QueueName"]; }); }); // 添加服务发现 services.AddServiceDiscoveryConsul(Configuration); // 添加业务注册 services.AddScoped <IAuthBusiness, AuthBusiness>(); // 添加过滤器 services.AddMvc(options => { options.Filters.Add <WebApiActionFilterAttribute>(); }).AddJsonOptions(options => { options.SerializerSettings.ContractResolver = new DefaultContractResolver(); options.SerializerSettings.DateFormatString = "yyyy-MM-dd HH:mm:ss"; }); // 添加接口文档 services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "品值认证授权中心", Version = "v1" }); c.IncludeXmlComments(Path.Combine(AppContext.BaseDirectory, "Pinzhi.Identity.WebApi.xml")); }); // 添加工具 services.AddUtil(); }
/// <summary> /// 构造函数注入 /// </summary> /// <param name="loginServce"></param> /// <param name="sysUserInfoServices"></param> /// <param name="userRoleServices"></param> /// <param name="roleServices"></param> /// <param name="requirement"></param> /// <param name="roleModulePermissionServices"></param> public LoginController(ILoginService loginServce, ISysUserInfoService sysUserInfoServices, IUserRoleService userRoleServices, IRoleService roleServices, PermissionRequirement requirement, IRoleModulePermissionService roleModulePermissionServices) { this._sysUserInfoServices = sysUserInfoServices; this._userRoleServices = userRoleServices; this._roleServices = roleServices; _requirement = requirement; _roleModulePermissionServices = roleModulePermissionServices; this.loginService = loginServce; }
public PowerRoleController(IPowerGroupServices powerGroupServices, IUser user, IPowerDetailServices powerDetailServices, IUnitOfWork unitOfWork, IMapper mapper, PermissionRequirement requirement) { this._powerGroupServices = powerGroupServices; this.user = user; this.powerDetailServices = powerDetailServices; this.unitOfWork = unitOfWork; this.mapper = mapper; this.requirement = requirement; }
public LoginController_Should() { var container = dI_Test.DICollections(); _sysUserInfoServices = container.Resolve <ISysUserInfoServices>(); _userRoleServices = container.Resolve <IUserRoleServices>(); _roleServices = container.Resolve <IRoleServices>(); _requirement = container.Resolve <PermissionRequirement>(); loginController = new LoginController(_sysUserInfoServices, _userRoleServices, _roleServices, _requirement); }
public HomeController(IIdentityServerInteractionService interaction, IAuthenticationSchemeProvider schemeProvider, IClientStore clientStore, IRepository <UsersEntities> repository, IEventService events, PermissionRequirement permission, IHttpClientFactory httpClientFactory) { this._interaction = interaction; this._schemeProvider = schemeProvider; this._clientStore = clientStore; this._repository = repository; this._events = events; this._requirement = permission; this._httpClientFactory = httpClientFactory; }
/// <summary> /// 构造函数 /// </summary> /// <param name="permissionServices"></param> /// <param name="moduleServices"></param> /// <param name="roleModulePermissionServices"></param> /// <param name="userRoleServices"></param> /// <param name="httpContext"></param> /// <param name="user"></param> /// <param name="requirement"></param> public PermissionController(IPermissionServices permissionServices, IModuleServices moduleServices, IRoleModulePermissionServices roleModulePermissionServices, IUserRoleServices userRoleServices, IHttpContextAccessor httpContext, IUser user, PermissionRequirement requirement) { _permissionServices = permissionServices; _moduleServices = moduleServices; _roleModulePermissionServices = roleModulePermissionServices; _userRoleServices = userRoleServices; _httpContext = httpContext; _user = user; _requirement = requirement; }
/// <summary> /// 构造函数 /// </summary> /// <param name="_jwtSettingsAccesser"></param> /// <param name="userServer"></param> /// <param name="permissionRequirement"></param> /// <param name="hostingEnvironment"></param> /// <param name="logger"></param> public AuthorizeController(IOptions <JwtSettings> _jwtSettingsAccesser, IUserServer userServer, PermissionRequirement permissionRequirement, IWebHostEnvironment hostingEnvironment, ILogger <AuthorizeController> logger ) : base(logger) { this._jwtSettings = _jwtSettingsAccesser.Value; this._userserver = userServer; this._requirement = permissionRequirement; this._hostingEnvironment = hostingEnvironment; }
public void ConfigureServices(IServiceCollection services) { //【1数据库连接字符串】数据库连接字符串读取方式 var connectionString1 = Configuration.GetConnectionString("ConnectionString1"); var connectionString2 = Configuration.GetConnectionString("ConnectionString2"); #region 【2固定角色Cookie验证】 注入验证 2.0 services.AddAuthentication(options => { options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, m => { m.LoginPath = new PathString("/login"); m.AccessDeniedPath = new PathString("/home/error"); m.LogoutPath = new PathString("/logout"); m.Cookie.Path = "/"; }); #endregion #region 【4自定义策略Cookie验证】与固定角色Cookie验证二选一 services.AddAuthorization(options => { //这个集合模拟用户权限表,可从数据库中查询出来 var permission = new List <Permission> { new Permission { Url = "/", Name = "admin" }, new Permission { Url = "/home/permissionadd", Name = "admin" }, new Permission { Url = "/", Name = "system" }, new Permission { Url = "/home/contact", Name = "system" } }; //如果第三个参数,是ClaimTypes.Role,上面集合的每个元素的Name为角色名称,如果ClaimTypes.Name,即上面集合的每个元素的Name为用户名 var permissionRequirement = new PermissionRequirement("/denied", permission, ClaimTypes.Role); options.AddPolicy("Permission", policy => policy.Requirements.Add(permissionRequirement)); }).AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(options => { options.LoginPath = new PathString("/login"); options.AccessDeniedPath = new PathString("/denied"); options.ExpireTimeSpan = TimeSpan.FromSeconds(20); }); //注入授权Handler services.AddSingleton <IAuthorizationHandler, PermissionHandler>(); #endregion services.AddMvc(); }
// This method gets called by the runtime. Use this method to add services to the container. // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=398940 public void ConfigureServices(IServiceCollection services) { services.AddGrpc(); #region 集成JWT // 将公共的信息提取出来,这里可以放到配置文件中,统一读取;以下直接在程序中写死了 // 秘钥,这是生成Token需要秘钥,就是理论提及到签名那块的秘钥 string secret = "TestSecretTestSecretTestSecretTestSecret"; // 签发者,是由谁颁发的 string issuer = "TestgRPCIssuer"; // 接受者,是给谁用的 string audience = "TestgRPCAudience"; // 注册服务,显示指定为Bearer services.AddAuthentication("Bearer") .AddJwtBearer(options => { options.TokenValidationParameters = new TokenValidationParameters { // 是否验证秘钥 ValidateIssuerSigningKey = true, // 指定秘钥 IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret)), // 是否验证颁发者 ValidateIssuer = true, // 指定颁发者 ValidIssuer = issuer, // 是否验证接受者 ValidateAudience = true, // 指定接受者 ValidAudience = audience, // 设置必须要有超时时间 RequireExpirationTime = true, // 设置必须验证超时 ValidateLifetime = true, // 将其赋值为0时,即设置有效时间到期,就马上失效 ClockSkew = TimeSpan.Zero }; }); #endregion var permissionRequirement = new PermissionRequirement { Permissions = new List <PermissionData>() }; //针对授权定义策略 services.AddAuthorization(option => { // 同样是策略模式,只是基于Requirement进行权限验证,验证逻辑自己写 option.AddPolicy("Permission", p => p.Requirements.Add(permissionRequirement)); }); // 将权限验证的关键类注册,Jwt的策略模式指定为Requirements时就会自动执行该类方法 services.AddScoped <IAuthorizationHandler, PermissionHandler>(); // 将permissionRequirement实例注册为单例模式,保证系统中就一个实例,方便权限数据共享 services.AddSingleton(permissionRequirement); // 注册IHttpContextAccessor,后续可以通过它可以获取HttpContext,操作方便 services.AddSingleton <IHttpContextAccessor, HttpContextAccessor>(); }
/// <summary> /// 构造函数 /// </summary> /// <param name="_jwtSettingsAccesser"></param> /// <param name="userServer"></param> /// <param name="redisCacheManager"></param> /// <param name="rabbitMQ">消息队列</param> /// <param name="permissionRequirement"></param> /// <param name="hostingEnvironment"></param> /// <param name="schedulerCenter"></param> public AuthorizeController(IOptions <JwtSettings> _jwtSettingsAccesser, IUserServer userServer, IRedisCacheManager redisCacheManager, IRabbitMQ rabbitMQ, PermissionRequirement permissionRequirement, IHostingEnvironment hostingEnvironment, ISchedulerCenter schedulerCenter) { this._jwtSettings = _jwtSettingsAccesser.Value; this._userserver = userServer; this._redisCacheManager = redisCacheManager; this._requirement = permissionRequirement; this._hostingEnvironment = hostingEnvironment; this._rabbitMQ = rabbitMQ; }
public PermissionFilter( IAuthorizationService authService, PermissionRequirement requirement) { //you can inject dependencies via DI _authService = authService; //the requirement contains permissions you set in attribute above //for example: Permission.Foo, Permission.Bar _requirement = requirement; }