是否可以针对两个或多个策略应用授权?我正在使用 ASP.NET 5,rc1.
Is it possible to apply authorization against two or more policies? I am using ASP.NET 5, rc1.
[Authorize(Policy = "Limited,Full")]
public class FooBarController : Controller
{
// This code doesn't work
}
如果没有,我如何在不使用策略的情况下实现这一目标?有两组用户可以访问此控制器:完全"和有限".用户可能属于完全"或有限",或两者兼而有之.他们只需要属于这两个组之一即可访问此控制器.
If not, how may I achieve this without using policies? There are two groups of users that may access this controller: "Full" and "Limited". Users may either belong to "Full" or "Limited", or both. They only require to belong to one of the two groups in order to access this controller.
不是你想要的方式;政策旨在累积.例如,如果您使用两个单独的属性,那么它们都必须通过.
Not the way you want; policies are designed to be cumulative. For example if you use two separate attributes then they must both pass.
您必须在单个策略中评估 OR 条件.但是您不必在单个处理程序中将其编码为 OR.您可以有一个具有多个处理程序的需求.如果任一处理程序标记成功,则满足要求.请参阅我的授权研讨会中的第 6 步.
You have to evaluate OR conditions within a single policy. But you don't have to code it as ORs within a single handler. You can have a requirement which has more than one handler. If either of the handlers flag success then the requirement is fulfilled. See Step 6 in my Authorization Workshop.
这篇关于ASP.NET 5 授权两个或多个策略(或组合策略)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!