我正在寻找有关如何使用 GraphQL.NET 和 ASP.NET CORE 2 在解析器功能级别实现授权的示例代码和示例。
基本上,如果请求未经授权,我会尝试阻止执行查询。
任何人都可以帮助我获得一些好的教程或代码示例作为实现的参考。
问问题
8877 次
2 回答
10
graphql -dotnet/authorization的页面AspNetCore尚未发布,请参考Add GraphQL.Server.Authorization.AspNetCore NuGet package #171。
您可以实现Authorization.AspNetCore供您自己使用。
实施后Authorization.AspNetCore,您可以配置Authorize如下:
Startup.cspublic class Startup { public Startup(IConfiguration configuration, IHostingEnvironment hostingEnvironment) { Configuration = configuration; Environment = hostingEnvironment; } public IConfiguration Configuration { get; } public IHostingEnvironment Environment { get; } // This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { services.Configure<CookiePolicyOptions>(options => { // This lambda determines whether user consent for non-essential cookies is needed for a given request. options.CheckConsentNeeded = context => true; options.MinimumSameSitePolicy = SameSiteMode.None; }); services.AddAuthentication(option => { option.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; option.DefaultChallengeScheme = CookieAuthenticationDefaults.AuthenticationScheme; option.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }).AddCookie(CookieAuthenticationDefaults.AuthenticationScheme); services.AddGraphQL(options => { options.EnableMetrics = true; options.ExposeExceptions = Environment.IsDevelopment(); //options. }) .AddGraphQLAuthorization(options => { options.AddPolicy("Authorized", p => p.RequireAuthenticatedUser()); //var policy = new AuthorizationPolicyBuilder() // . //options.AddPolicy("Authorized", p => p.RequireClaim(ClaimTypes.Name, "Tom")); }); //.AddUserContextBuilder(context => new GraphQLUserContext { User = context.User }); services.AddSingleton<MessageSchema>(); services.AddSingleton<MessageQuery>(); services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IHostingEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); app.UseHsts(); } app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseCookiePolicy(); app.UseAuthentication(); app.UseGraphQL<MessageSchema>("/graphql"); app.UseGraphQLPlayground(new GraphQLPlaygroundOptions() { Path = "/ui/playground" }); app.UseGraphiQLServer(new GraphiQLOptions { GraphiQLPath = "/ui/graphiql", GraphQLEndPoint = "/graphql" }); app.UseMvc(routes => { routes.MapRoute( name: "default", template: "{controller=Home}/{action=Index}/{id?}"); }); } }架构
public class MessageQuery : ObjectGraphType<Message> { public MessageQuery() { Field(o => o.Content).Resolve(o => "This is Content").AuthorizeWith("Authorized"); Field(o => o.SentAt); Field(o => o.Sub).Resolve(o => "This is Sub"); } }
如需完整演示,请参阅GraphQLNet。
于 2018-11-30T07:41:44.870 回答
8
要获得 GraphQL.Net 在 ASP.NET Core 中工作的授权,首先安装这个包:
GraphQL.Server.Authorization.AspNetCore
在 Startup.cs 中,在 ConfigureServices 中添加以下内容。确保添加这些 using 语句:
using GraphQL.Validation;
using GraphQL.Server.Authorization.AspNetCore;
public void ConfigureServices(IServiceCollection services)
{
//... other code
services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
services
.AddTransient<IValidationRule, AuthorizationValidationRule>()
.AddAuthorization(options =>
{
options.AddPolicy("LoggedIn", p => p.RequireAuthenticatedUser());
});
//... other code
}
现在您将能够AuthorizeWith()在解析器级别使用来保护该字段。例子:
public class MyQuery : ObjectGraphType
{
public MyQuery(ProductRepository productRepository)
{
Field<ListGraphType<ProductType>>(
"products",
resolve: context => productRepository.GetAllAsync()
).AuthorizeWith("LoggedIn");
}
}
您还可以通过添加this.AuthorizeWith()到 Query 构造函数的顶部来保护所有查询,如下所示:
public class MyQuery : ObjectGraphType
{
public MyQuery(ProductRepository productRepository)
{
this.AuthorizeWith("LoggedIn");
Field<ListGraphType<ProductType>>(
"products",
resolve: context => productRepository.GetAllAsync()
);
}
}
这样,任何未经身份验证的对 GraphQL 端点的访问都将被拒绝。
现在就登录某人而言,有很多方法可以做到这一点。这是一个基于 Cookie 的快速身份验证示例:
在 Startup.cs 的 ConfigureServices 中配置基于 cookie 的身份验证:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(o =>
{
o.Cookie.Name = "graph-auth";
});
使用突变登录某人:
public class Session
{
public bool IsLoggedIn { get; set; }
}
public class SessionType : ObjectGraphType<Session>
{
public SessionType()
{
Field(t => t.IsLoggedIn);
}
}
public class MyMutation : ObjectGraphType
{
public MyMutation(IHttpContextAccessor contextAccessor)
{
FieldAsync<SessionType>(
"sessions",
arguments: new QueryArguments(
new QueryArgument<NonNullGraphType<StringGraphType>> { Name = "password" }),
resolve: async context =>
{
string password = context.GetArgument<string>("password");
// NEVER DO THIS...for illustration purpose only! Use a proper credential management system instead. :-)
if (password != "123")
return new Session { IsLoggedIn = false };
var principal = new ClaimsPrincipal(new ClaimsIdentity("Cookie"));
await contextAccessor.HttpContext.SignInAsync(principal, new AuthenticationProperties
{
ExpiresUtc = DateTime.UtcNow.AddMonths(6),
IsPersistent = true
});
return new Session { IsLoggedIn = true };
});
}
}
于 2020-01-23T18:30:27.843 回答