Access control in ASP.NET Core with AccessControlHelper
Intro
This access control component grew out of a project requirement to control permissions in ASP.NET MVC web projects. It initially supported only .NET Framework; support for ASP.NET Core was added after .NET Core 2.0 was released, and support for ASP.NET Core 3.0 was added after .NET Core 3.0 was released (version 1.9.0 and later). ASP.NET Core currently has the most complete support: a TagHelper can control access to elements on the page, access can also be controlled through a Policy, and a middleware is supported as well, which makes it possible to control access to static resources.
Installing AccessControlHelper
NuGet package
Install the NuGet package WeihanLi.AspNetMvc.AccessControlHelper:
    dotnet add package WeihanLi.AspNetMvc.AccessControlHelper
Implement your own access strategies
Resource access strategy / API access strategy
The following code defines a simple access strategy that requires the user to be logged in and to have the Admin role. Adjust it to your own needs.
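    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Mvc;
    using WeihanLi.AspNetMvc.AccessControlHelper;

    public class AdminPermissionRequireStrategy : IResourceAccessStrategy
    {
        private readonly IHttpContextAccessor _accessor;

        public AdminPermissionRequireStrategy(IHttpContextAccessor accessor)
        {
            _accessor = accessor;
        }

        // Allow access only to authenticated users in the Admin role.
        // HttpContext is null outside of a request, so treat that as "no access".
        public bool IsCanAccess(string accessKey)
        {
            var user = _accessor.HttpContext?.User;
            return user?.Identity?.IsAuthenticated == true && user.IsInRole("Admin");
        }

        // Result returned for a normal request that is denied.
        public IActionResult DisallowedCommonResult => new ContentResult
        {
            Content = "No Permission",
            ContentType = "text/plain",
            StatusCode = 403
        };

        // Result returned for an AJAX request that is denied.
        public IActionResult DisallowedAjaxResult => new JsonResult(new JsonResultModel
        {
            ErrorMsg = "No Permission",
            Status = JsonResultStatus.NoPermission
        });
    }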
Access strategy for page elements
Define the access strategy for page elements / controls:
    public class AdminOnlyControlAccessStrategy : IControlAccessStrategy
    {
        private readonly IHttpContextAccessor _accessor;

        public AdminOnlyControlAccessStrategy(IHttpContextAccessor httpContextAccessor) => _accessor = httpContextAccessor;

        public bool IsControlCanAccess(string accessKey)
        {
            // Elements marked with the "Never" access key are never rendered.
            if ("Never".Equals(accessKey, System.StringComparison.OrdinalIgnoreCase))
            {
                return false;
            }
            // Everything else is rendered only for authenticated users in the Admin role.
            var user = _accessor.HttpContext?.User;
            return user?.Identity?.IsAuthenticated == true && user.IsInRole("Admin");
        }
    }
Service registration and configuration
Register the services in Startup:
    services.AddAccessControlHelper()
        .AddResourceAccessStrategy<Filters.AdminPermissionRequireStrategy>()
        .AddControlAccessStrategy<Filters.AdminOnlyControlAccessStrategy>()
        ;
If you only have a Web API and do not need access control for page elements, you can register just the ResourceAccessStrategy:
    services.AddAccessControlHelper()
        .AddResourceAccessStrategy<Filters.AdminPermissionRequireStrategy>();
By default the access strategies are registered with a singleton lifetime. If they need to be registered as Scoped, you can specify the lifetime:
    services.AddAccessControlHelper()
        .AddResourceAccessStrategy<Filters.AdminPermissionRequireStrategy>(ServiceLifetime.Scoped);
Access control for APIs / resources
For ASP.NET Core applications, using a Policy to control permissions is recommended. Set [Authorize("AccessControl")] or [Authorize(AccessControlHelperConstants.PolicyName)] on the Controller or Action that needs access control:
    [Authorize(AccessControlHelperConstants.PolicyName)]
    public class SystemSettingsController : AdminBaseController
    {
        // ...
    }

    [Authorize(AccessControlHelperConstants.PolicyName)]
    public ActionResult UserList()
    {
        return View();
    }
Access control for page elements
Reference the TagHelper
In _ViewImports.cshtml in the Views directory, import the AccessControlHelper TagHelper:
    @using ActivityReservation
    @using WeihanLi.AspNetMvc.AccessControlHelper
    @using WeihanLi.AspNetMvc.MvcSimplePager
    @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
    @addTagHelper *, WeihanLi.AspNetMvc.AccessControlHelper
Configuring page elements
Add the asp-access attribute to the elements that need permission control. If an access key is needed, configure it through asp-access-key:
    <ul class="list-group" asp-access asp-access-key="AdminOnly">
        <li role="separator" class="list-unstyled">
            <br />
        </li>
        <li class="list-group-item">@Html.ActionLink("用户管理", "UserList", "Account")</li>
        <li class="list-group-item">@Html.ActionLink("操作日志查看", "Index", "OperationLog")</li>
        <li class="list-group-item">@Html.ActionLink("系统设置管理", "Index", "SystemSettings")</li>
        <li class="list-group-item">
            @Html.ActionLink("微信设置管理", "Index", new {
                controller = "Config",
                area = "Wechat"
            })
        </li>
    </ul>
That's it. When the user has access, the element renders normally; when the user does not have access, this ul is not rendered at all, and the corresponding markup will not appear when viewing the page source in the client browser.
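The control strategy shown earlier ignores the access key except for "Never". As an added example (not code from the original post or from the AccessControlHelper project), the strategy below makes the decision depend on asp-access-key and denies by default. The class name KeyedControlAccessStrategy, the "ReportView" key, the "Auditor" role and the rule that a missing or unknown key hides the element are assumptions; it is registered with AddControlAccessStrategy<KeyedControlAccessStrategy>() in the same way as above.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using WeihanLi.AspNetMvc.AccessControlHelper;

// Added example: key-aware control access strategy with deny-by-default.
public class KeyedControlAccessStrategy : IControlAccessStrategy
{
    // Assumed mapping from asp-access-key values to the roles allowed to see the element.
    private static readonly IReadOnlyDictionary<string, string[]> RolesByKey =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            ["AdminOnly"] = new[] { "Admin" },
            ["ReportView"] = new[] { "Admin", "Auditor" },
        };

    private readonly IHttpContextAccessor _accessor;

    public KeyedControlAccessStrategy(IHttpContextAccessor accessor) => _accessor = accessor;

    public bool IsControlCanAccess(string accessKey) =>
        IsAllowed(_accessor.HttpContext?.User, accessKey);

    // Pure decision function, kept separate so it can be unit tested
    // with a hand-built ClaimsPrincipal and no HttpContext.
    public static bool IsAllowed(ClaimsPrincipal user, string accessKey)
    {
        // No request context or anonymous user: render nothing.
        if (user?.Identity?.IsAuthenticated != true)
        {
            return false;
        }

        // Missing or unknown key (for example a typo in a view): hide the
        // element instead of falling back to a default role.
        if (string.IsNullOrWhiteSpace(accessKey) ||
            !RolesByKey.TryGetValue(accessKey.Trim(), out var roles))
        {
            return false;
        }

        return roles.Any(user.IsInRole);
    }
}
```

Not rendering the ul only removes the links from the markup. The actions those links point to still need [Authorize(AccessControlHelperConstants.PolicyName)], as in the previous section, to reject a direct request.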