Asp.net core mvc permission control: Permission control introduction, mvc permission Control

Asp.net core mvc permission control: Permission control introduction, mvc permission Control

Permission control is involved during business software development. asp.net core mvc provides related features.

Before introducing the usage method, we need to understand several concepts:

1. claim: A claim contains two types and values. I understand claim as a permission definition, such as Type = Member, Value = delete operation.

2. Identity: indicates the user's Identity information, such as the user name.

3. Principal: An authentication ticket that contains identity and claim information.

4. Policy, must have a claim for member deletion

5. role: a set of Permissions

6. User: an account used by the System

 

Configure permission control in asp.net core mvc:

1. Introduce the Microsoft. AspNetCore. Identity. EntityFrameworkCore library, which provides user, role, logon, and other related operations, and supports Function Extension.

2. register the service interface and middleware in the startup. cs file.

Public void ConfigureServices (IServiceCollection services)

{

......

Services. AddIdentity <TUser, TRole> ();

.....

}

Public void Configure (IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)

{

......

App. UseIdentity ();

......

}

 

TUser: Custom User class in the system

Public class ApplicationUser: IdentityUser <int>

{

// Extended USER Parameters in the system

}

TRole: a custom role class in the system.

Public class ApplicationRole: IdentityRole <int>

{

// System extended role Parameters

}

3. Add the AuthorizeAttribute feature to the Controller or Controller Method to configure permission control.

The AuthorizeAttribute feature contains a Policy configuration, which is to configure permission verification rules. The example is as follows:

[Authorize (Policy = "goods")]

Public class GoodsController: Controller

{}

 

But here goods is only the name of the rule. How can this rule be set? Use the AddAuthorization Extension Method in ConfigureServices of startup. cs for configuration. The example is as follows:

 

Public void ConfigureServices (IServiceCollection services)

{

.....

Services. AddAuthorization (config => {

//

Config. AddPolicy ("goods", builder => {
Builder. AddRequirements (new ClaimsAuthorizationRequirement ("goods", new string [] {"module "}));
});

});

.....

}

AddPolicy adds a rule method. The first parameter indicates the rule name, and the second parameter indicates the specific rule list. Here we only add one permission Verification

Rule ClaimsAuthorizationRequirement

 

ClaimsAuthorizationRequirement indicates information about a permission rule. The constructor includes two parameters. The first parameter indicates the type value of cliam and the second parameter.

The parameter is a set of claim values. It indicates whether the current user has a specified type and has a claim with any value specified.

 

After the preceding configuration, if the current user wants to access the GoodsController controller (no method restriction, if the AuthorizeAttribute is used on the method, only

The corresponding method can also be used multiple times), you must have the permission of Claim (type = goods, value = module)

 

Here, we have completed the logic of permission control. The above content is just my personal understanding. please correct me.