1.使用Hybrid Flow保护Asp.Net Core MVC 客户端
并访问被保护资源
刷新Access Token
处理Claim
基于策略的权限
![](https://img.laitimes.com/img/9ZDMuAjOiMmIsIjOiQnIsIyZuBnL2MTMzMTM5cDMy0yN4EDNxEjM1ETMzITMxIDMy0CNwQjNxkTMvwlMxEjMwIzLcRDM0YTM5EzLcd2bsJ2Lc12bj5ycn9Gbi52YuAjMwIzZtl2Lc9CX6MHc0RHaiojIsJye.png)
授权端点
重定向端点
Token端点
2.Claim 角色授权
2.1Idp工程代码配置
(1)TestUser自定义Claim Role
2.2Mvc客户端工程配置
(1)当没有权限时增加跳转页面
3.1Idp工程配置
(1)给用户增加Claim标识
3.2 Mvc客户端配置
3.2.1客户端增加访问资源配置
/// <summary>
/// Marker requirement for the "Smith in somewhere" policy. It carries no data of its own;
/// the actual claim checks are performed by the handler registered for this requirement.
/// </summary>
public class SmithInSomewareRequirement : IAuthorizationRequirement
{
    // Intentionally empty: the compiler-generated public parameterless constructor
    // is equivalent to an explicit one, and there is no state to initialise.
}
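/// <summary>
/// Satisfies <see cref="SmithInSomewareRequirement"/> only for an authenticated principal whose
/// family-name claim equals "Smith" and whose "location" claim equals "somewhere".
/// </summary>
public class SmithInSomewhereHandler : AuthorizationHandler<SmithInSomewareRequirement>
{
    // Custom (non-standard) claim type used by the IdP for the user's location.
    private const string LocationClaimType = "location";

    /// <summary>
    /// Evaluates the requirement against the claims of the current user.
    /// </summary>
    /// <param name="context">Authorization context; the user is read from it and the
    /// outcome (Succeed/Fail) is recorded on it.</param>
    /// <param name="requirement">The requirement being evaluated.</param>
    /// <returns>A completed task; the decision is carried by <paramref name="context"/>.</returns>
    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
        SmithInSomewareRequirement requirement)
    {
        // Evaluate authentication first and null-safely: Identity can be null for an
        // anonymous principal, and dereferencing Identity.IsAuthenticated unguarded would
        // throw instead of denying access.
        var isAuthenticated = context.User.Identity?.IsAuthenticated == true;

        // Claim types are matched with an ordinal, case-sensitive comparison (string ==),
        // so a differently-cased claim type is deliberately not accepted.
        var familyName = context.User.FindFirst(c => c.Type == JwtClaimTypes.FamilyName)?.Value;
        var location = context.User.FindFirst(c => c.Type == LocationClaimType)?.Value;

        if (isAuthenticated && familyName == "Smith" && location == "somewhere")
        {
            context.Succeed(requirement);
        }
        else
        {
            // Explicit Fail() is a hard veto (fail-closed): once any handler calls Fail(), the
            // requirement can no longer be satisfied even if another handler for it succeeds.
            // Outcome rules: one handler succeeds and none fails => requirement met;
            // any handler fails => not met; neither success nor failure => not met.
            context.Fail();
        }

        return Task.CompletedTask;
    }
}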
3.2.3策略授权
将特性加到Controller或者Method中