我有一个包含多个应用程序的项目,每个应用程序都包含在 /Pages 中的特定文件夹中。/Pages/PTW、/Page/JM 等。我已经为每个页面实现了用户身份验证和角色管理。我想为公司实施策略授权,以便特定公司用户可以访问特定文件夹中的页面,我尝试了这个:
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using RoSafety.Models;
using System.Linq;
using Microsoft.EntityFrameworkCore;
using RoSafety.Data;
public class AccessCodeRequirement : IAuthorizationRequirement
{
public string AccessCode { get; set; }
public AccessCodeRequirement(string accessCode)
{
AccessCode = accessCode;
}
}
public class AccessCodeHandler : AuthorizationHandler<AccessCodeRequirement>
{
private readonly ApplicationDbContext _context;
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
AccessCodeRequirement requirement)
{
var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
var orgID = _context.UsersData.Where(x => x.Id == userId).Select(x => x.OrgID).FirstOrDefault();
var orgAccess = _context.CompanyAccesses.Select(x => x.AccessCode).ToList();
foreach(var a in orgAccess)
{
var access = a;
if(access == requirement.AccessCode)
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
在我添加的启动中
options.AddPolicy("PTW", policy =>
policy.Requirements.Add(new AccessCodeRequirement("RO-01")));
在我的页面上
[Authorize(Policy = "PTW")]
CompanyAccesses 表中 OrgID 的 AccessCode 是“RO-01”,但我仍然拒绝访问。我做错了什么?