要将控制器标记为需要授权,您通常会将其装饰为:
[授权]public class MyController:Controller我们的身份验证是通过第三方提供商并给予它的方式……
如果您使用的是Asp.NET Core,请按照此处的文档:
https://docs.microsoft.com/en-us/aspnet/core/security/authorization/policies?view=aspnetcore-2.1 https://docs.microsoft.com/en-us/aspnet/core/security/authorization/dependencyinjection?view=aspnetcore-2.1
您可以像这样制定自定义政策:
public class EnvironmentAuthorize : IAuthorizationRequirement { public string Environment { get; set; } public EnvironmentAuthorize(string env) { Environment = env; } } public class EnvironmentAuthorizeHandler : AuthorizationHandler<EnvironmentAuthorize> { private readonly IHostingEnvironment envionment; public EnvironmentAuthorizeHandler(IHostingEnvironment env) { envionment = env; } protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, EnvironmentAuthorize requirement) { if (requirement.Environment != envionment.EnvironmentName) { context.Succeed(requirement); } return Task.CompletedTask; } }
在de Startup.cs中:
services.AddAuthorization(options => { options.AddPolicy("ProductionOnly", policy => policy.Requirements.Add(new EnvironmentAuthorize("Production"))); }); services.AddSingleton<IAuthorizationHandler, EnvironmentAuthorizeHandler>();
在控制器中:
[Authorize(Policy = "ProductionOnly")] public class MyController : Controller
虽然这是可能的,但我不能推荐这个,在不同的环境中有不同的行为 的 真 强> 一个噩梦。