
using EntrustSettle.AuthHelper;
using EntrustSettle.Common;
using EntrustSettle.Common.AppConfig;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Text;
namespace EntrustSettle.Extensions
{
/// <summary>
/// Authorization service configuration for the application.
/// </summary>
/// <remarks>
/// The only statement that currently executes is the argument guard in
/// <see cref="AddAuthorizationSetup"/>; every policy, signing-key and
/// permission-requirement registration below is commented out, so calling this
/// extension adds nothing to the container. Whether authorization services are
/// registered elsewhere (e.g. alongside authentication) cannot be seen from this file.
/// </remarks>
public static class AuthorizationSetup
{
    /// <summary>
    /// Extension entry point for wiring authorization into the DI container.
    /// </summary>
    /// <param name="services">The service collection being configured.</param>
    /// <exception cref="ArgumentNullException">
    /// Thrown when <paramref name="services"/> is <c>null</c>.
    /// </exception>
    public static void AddAuthorizationSetup(this IServiceCollection services)
    {
        if (services is null)
        {
            throw new ArgumentNullException(nameof(services));
        }

        // Four common authorization approaches, kept as a reference. None of them is
        // active at the moment.
        //
        // 1. Role-based: add the attribute on the API-layer controller, e.g.
        //    [Authorize(Roles = "Admin,System")]
        // 2. Policy (role) based: avoids repeating several roles on each controller;
        //    annotate the controller with [Authorize(Policy = "Admin")].
        //services.AddAuthorization(options =>
        //{
        //    options.AddPolicy("Client", policy => policy.RequireRole("Client").Build());
        //    options.AddPolicy("Admin", policy => policy.RequireRole("Admin").Build());
        //    options.AddPolicy("SystemOrAdmin", policy => policy.RequireRole("Admin", "System"));
        //    options.AddPolicy("A_S_O", policy => policy.RequireRole("Admin", "System", "Others"));
        //});

        //#region Parameters
        //// Read from configuration.
        //// NOTE(review): the dormant code below takes Encoding.ASCII.GetBytes of a value
        //// whose name says "Base64" — it never Base64-decodes, so the raw text of the
        //// secret would become the HMAC key. Confirm the intended key format before
        //// reviving this block; a short or low-entropy text secret weakens the signature.
        //var symmetricKeyAsBase64 = AppSecretConfig.Audience_Secret_String;
        //var keyByteArray = Encoding.ASCII.GetBytes(symmetricKeyAsBase64);
        //var signingKey = new SymmetricSecurityKey(keyByteArray);
        //var Issuer = AppSettings.app(new string[] { "Audience", "Issuer" });
        //var Audience = AppSettings.app(new string[] { "Audience", "Audience" });
        //var signingCredentials = new SigningCredentials(signingKey, SecurityAlgorithms.HmacSha256);
        //// Left empty here so a handler can bind permissions dynamically from the database.
        //var permission = new List<PermissionItem>();
        //// Role-to-endpoint permission requirement.
        //var permissionRequirement = new PermissionRequirement(
        //    "/api/denied",                 // redirect target when authorization is denied (currently unused)
        //    permission,
        //    ClaimTypes.Role,               // role-based authorization
        //    Issuer,                        // issuer
        //    Audience,                      // audience
        //    signingCredentials,            // signing credentials
        //    expiration: TimeSpan.FromSeconds(60 * 60) // token lifetime for the API
        //    );
        //#endregion

        //// 3. Custom, more complex policy authorization.
        //services.AddAuthorization(options =>
        //{
        //    options.AddPolicy(Permissions.Name,
        //        policy => policy.Requirements.Add(permissionRequirement));
        //});
        //services.AddScoped<IAuthorizationHandler, PermissionHandler>(); // register the permission handler
        //services.AddSingleton(permissionRequirement);
    }
}
}