目前一直在用policy做权限校验,但是好像组里需要将返回结果统一,之前用的都是直接继承authorizationhandler然后调用context.fail(),但是这样会导致没办法自定义返回结果比如{code:403,msg:’未授权’,data:null},
也百度了下 这里也说了3.0后就改掉了之前可以通过result来返回,但是现在不行了,之后又查了下资料无果,今天心血来潮直接用httpcontext来返回结果可以了。。。。。
直接上代码吧
public class apiurlpermissionhandler : authorizationhandler<apiurlpermissionrequirement>
{
private readonly ihttpcontextaccessor _accessor;
private readonly ilogger<apiurlpermissionhandler> _logger;
private readonly ipermissionwatchdog _permissionwatchdog;
public apiurlpermissionhandler(ihttpcontextaccessor accessor,ilogger<apiurlpermissionhandler> logger, ipermissionwatchdog permissionwatchdog)
{
this._accessor = accessor;
this._logger = logger;
this._permissionwatchdog = permissionwatchdog;
}
protected override async task handlerequirementasync(authorizationhandlercontext context, apiurlpermissionrequirement requirement)
{
var httpcontext = _accessor.httpcontext;
var isauthenticated = context.user.identity.isauthenticated;
if (isauthenticated)
{
var uid = httpcontext.user.claims.firstordefault(s => s.type == "uid")?.value;
if (uid.isnullorwhitespace())
{
context.fail();
return;
}
//判断是否有权限
var questurl = httpcontext.request.path.value.tolower();
if (!await _permissionwatchdog.passapipermasync(uid, questurl))
{
context.fail();
return;
}
context.succeed(requirement);
}
else
{
httpcontext.response.contenttype = "application/json; charset=utf-8";
await httpcontext.response.writeasync(jsonconvert.serializeobject(new { a="123",b="435"}));
await httpcontext.response.body.flushasync();
//context.fail();
}
}
}
有不对或者更好的方法希望园友提供指出谢谢
黄山市民网:https://www.huangshanshimin.com/
