0

我创建了一个策略,我需要检查我的处理程序中的数据,例如 userId 和 companyId ...

所以从名为用户的声明主体,我需要从中获取信息,请问我该怎么做

增加处理程序:

public class AddScreaningHandler : AuthorizationHandler<AddScreaning>
{
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AddScreaning requirement)
    {
        
        var mvcContext = context.Resource as AuthorizationFilterContext;
        // get user infos
        var claims = context.User.Identities.First().Claims.ToList();
        var userCompanyId = context.User.HasClaim(u => u.Type == "id");
        throw new NotImplementedException();
    }
}

}

这是我需要政策的地方:控制器:

[Authorize(Policy = "AddScreaningHandler")]
        [HttpPost("newScreening")]
        public async Task<ActionResult<Screening>> createScreen(CreateScreeningDto createScreeningDto)
        {
            Screening screening = new Screening { creationDate = DateTime.Now, reflowId=Guid.NewGuid().ToString(), companyId = createScreeningDto.companyId, finished = false, lastUpdate = DateTime.Now, name = "", state = "screening-setup" };
            _context.Screenings.Add(screening);
            await _context.SaveChangesAsync();
            return Ok(screening);
        }

这是启动文件:

 services.AddAuthorization(options =>
            {
                options.AddPolicy("AddScreaningHandler", policy =>
                    policy.Requirements.Add(new AddScreaning()));
            });
            services.AddSingleton<IAuthorizationHandler, AddScreaningHandler>();
        }

我需要专注于我的处理程序addscreaninghandler 并获取用户信息,我该怎么做。

这是调试结果: 在此处输入图像描述

在此处输入图像描述

4

0 回答 0