我正在尝试在 Hot Chocolategraphql
服务器中实现基于策略的授权。我正在查看他们的文档并参考Microsoft 的指南
我希望HandleRequirementAsync()
每当调用 a 时都会User query
调用它。
- 我注册授权和
User Policy
inConfigureServices
public void ConfigureServices(IServiceCollection services)
{
services.AddHttpContextAccessor();
services.AddAuthorization(options =>
{
options.AddPolicy("UserPolicy",
policy => policy.Requirements.Add(new UserRequirement()));
});
services.AddSingleton<Query>();
services.AddSingleton<IAuthorizationHandler, UserAuthorizationHandler>();
services.AddSingleton(typeof(IUserRepo), typeof(UserRepo));
services.AddSingleton(typeof(IBookRepository), typeof(BookRepository));
services.AddGraphQL(
SchemaBuilder.New()
.AddAuthorizeDirectiveType()
.AddType<UserType>()
.AddType<BookType>()
.AddQueryType<Query>());
}
- 我有
User requirement class
和handler
public class UserAuthorizationHandler : AuthorizationHandler<UserRequirement, IResolverContext>
{
private IHttpContextAccessor _accessor;
public UserAuthorizationHandler([Service] IHttpContextAccessor accessor)
{
_accessor = accessor;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement,
IResolverContext resource)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
}
public class UserRequirement : IAuthorizationRequirement
{
}
- 我声明了一个字段需要策略授权。
public class UserType
: ObjectType<User>
{
protected override void Configure(IObjectTypeDescriptor<User> descriptor)
{
descriptor.Field(t => t.Name).Type<NonNullType<StringType>>().Authorize("UserPolicy");
descriptor.Field(t => t.Id).Type<NonNullType<StringType>>();
}
}
问题
运行此代码时。我希望HandleRequirementAsync
将被调用。此方法应始终成功。但是,在请求用户时。实际发生的是未调用该方法,并且该请求立即被以下响应拒绝:
{
"errors": [
{
"message": "The current user is not authorized to access this resource.",
"locations": [
{
"line": 3,
"column": 5
}
],
"path": [
"user",
"name"
],
"extensions": {
"code": "AUTH_NOT_AUTHENTICATED"
}
}
]
}