我想产生一种习俗特性,即如果用户在进入APIC途径之前能够获得资源,则将予以检查。 理想的情况是,在这条路上会看像这样的东西。
[HttpGet]
[Route("GetOrders")]
[SecurityFunctionFilter("GETORDERS")] // <-- desired attribute
public IActionResult GetOrders()
{
ActionResult response;
try
{
response = Ok();
}
catch
{
response = new StatusCodeResult(500);
}
return response;
}
为了落实这一点,我试图创建一种过滤器,延伸到阿特里亚特,并落实下文所述的伊特里亚化基金接口。 控制器路上的沥青将穿透安全功能,该功能将设于安全功能基金建筑商。 这将受到检查,如果收到虚假信息,将返回APIC404。
public class SecurityFunctionFilter : Attribute, IAuthorizationFilter
{
private readonly string _securityFunction;
public SecurityFunctionFilter(string securityFunction)
{
_securityFunction=securityFunction;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
// Not yet implemented, will check the users username against security function and return bool
if (_securityFunction == "GETORDERS")
{
context.Result = new StatusCodeResult(403);
}
}
}
Inside my program.cs, I did the following:
public static void Main(string[] args)
{
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();
builder.Services.AddCors(p => p.AddPolicy("corsapp", builder =>
{
builder.WithOrigins("*").AllowAnyMethod().AllowAnyHeader();
}));
builder.Services.AddScoped<SecurityFunctionFilter>();
var app = builder.Build();
// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
app.UseSwagger();
app.UseSwaggerUI();
app.UseCors("corsapp");
}
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.Run();
}
在试图操作时,有人向建筑商投掷错误。 建设。 这是错误:
Some services are not able to be constructed (Error while validating the service descriptor ServiceType: testing_proj_api.Filters.SecurityFunctionFilter Lifetime: Scoped ImplementationType: testing_proj_api.Filters.SecurityFunctionFilter : Unable to resolve service for type System.String while attempting to activate testing_proj_api.Filters.SecurityFunctionFilter .)
SOLUTION:
我需要做的是,从方案.cs的服务登记册中删除安全功能基金。
