Access control in ASP.NET Core using AccessControlHelper

Intro

A project needed permission control for a web application built on ASP.NET MVC, so this access control component was written. It initially supported only .NET Framework; ASP.NET Core support was added after .NET Core 2.0 was released, and after .NET Core 3.0 was released support for ASP.NET Core 3.0 was added as well (version 1.9.0 and later). ASP.NET Core currently has the broader support: a TagHelper can control access to elements on a page, access can also be controlled through a Policy, and middleware is supported so that access to static resources can be controlled too.

Install the AccessControlHelper NuGet package

Install the NuGet package WeihanLi.AspNetMvc.AccessControlHelper:

dotnet add package WeihanLi.AspNetMvc.AccessControlHelper

Implement your own access strategies

Resource access strategy / API access strategy

The following code defines a simple access strategy that requires the user to be logged in and to have the Admin role. Adjust and refine it to suit your own needs:

public class AdminPermissionRequireStrategy : IResourceAccessStrategy
{
    private readonly IHttpContextAccessor _accessor;

    public AdminPermissionRequireStrategy(IHttpContextAccessor accessor)
    {
        _accessor = accessor;
    }

    public bool IsCanAccess(string accessKey)
    {
        // HttpContext is null outside a request; deny access in that case.
        var user = _accessor.HttpContext?.User;
        return user?.Identity != null && user.Identity.IsAuthenticated && user.IsInRole("Admin");
    }

    public IActionResult DisallowedCommonResult => new ContentResult
    {
        Content = "No Permission",
        ContentType = "text/plain",
        StatusCode = 403
    };

    public IActionResult DisallowedAjaxResult => new JsonResult(new JsonResultModel
    {
        ErrorMsg = "No Permission",
        Status = JsonResultStatus.NoPermission
    });
}

Page element access strategy

Define the access strategy for page elements / controls:

public class AdminOnlyControlAccessStrategy : IControlAccessStrategy
{
    private readonly IHttpContextAccessor _accessor;

    public AdminOnlyControlAccessStrategy(IHttpContextAccessor httpContextAccessor) => _accessor = httpContextAccessor;

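    public bool IsControlCanAccess(string accessKey)
    {
        // Elements marked with the "Never" key are hidden from everyone.
        if ("Never".Equals(accessKey, System.StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }
        // HttpContext is null outside a request; deny access in that case.
        var user = _accessor.HttpContext?.User;
        return user?.Identity != null && user.Identity.IsAuthenticated && user.IsInRole("Admin");
    }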
}

Service registration and configuration

Register the services in Startup:

services.AddAccessControlHelper()
    .AddResourceAccessStrategy<Filters.AdminPermissionRequireStrategy>()
    .AddControlAccessStrategy<Filters.AdminOnlyControlAccessStrategy>();

If you only have a Web API and do not need access control for page elements, you can register just the ResourceAccessStrategy:

services.AddAccessControlHelper()
    .AddResourceAccessStrategy<Filters.AdminPermissionRequireStrategy>();

By default, access strategies are registered with a singleton lifetime. If a strategy needs to be registered as Scoped, you can specify the lifetime:

services.AddAccessControlHelper()
    .AddResourceAccessStrategy<Filters.AdminPermissionRequireStrategy>(ServiceLifetime.Scoped);

API / resource access control

For ASP.NET Core applications, using a Policy to control permissions is recommended. Set [Authorize("AccessControl")] or [Authorize(AccessControlHelperConstants.PolicyName)] on the Controller or Action that needs access control:

[Authorize(AccessControlHelperConstants.PolicyName)]
public class SystemSettingsController : AdminBaseController
{
    // ...
}

[Authorize(AccessControlHelperConstants.PolicyName)]
public ActionResult UserList()
{
    return View();
}

Access control for page elements

Reference the TagHelper

In _ViewImports.cshtml in the Views directory, import the AccessControlHelper TagHelper:

@using ActivityReservation
@using WeihanLi.AspNetMvc.AccessControlHelper
@using WeihanLi.AspNetMvc.MvcSimplePager

@addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers
@addTagHelper *, WeihanLi.AspNetMvc.AccessControlHelper

See: https://github.com/WeihanLi/ActivityReservation/blob/dev/ActivityReservation/Areas/Admin/Views/_ViewImports.cshtml

Configure page elements

Add the asp-access attribute to each element that needs permission control. If an access key is needed, configure it with asp-access-key:

<ul class="list-group" asp-access asp-access-key="AdminOnly">
    <li role="separator" class="list-unstyled">
        <br />
    </li>
    <li class="list-group-item">@Html.ActionLink("用户管理", "UserList", "Account")</li>

    <li class="list-group-item">@Html.ActionLink("操作日志查看", "Index", "OperationLog")</li>
    <li class="list-group-item">@Html.ActionLink("系统设置管理", "Index", "SystemSettings")</li>
    <li class="list-group-item">
        @Html.ActionLink("微信设置管理", "Index", new {
        controller = "Config",
        area = "Wechat"
    })
    </li>
</ul>

That's it. When the user has access, the element is rendered normally; when the user does not have access, this ul is not rendered at all, and viewing the page source in the client browser will not show the corresponding markup.
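As an added example (not code from the original post or from the AccessControlHelper project), a control access strategy can make fuller use of the asp-access-key value than the Never check above, mapping each key to the roles allowed to see the element and denying any key it does not know. The ReportViewer key, the Auditor role and the handling of a missing key are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Http;
using WeihanLi.AspNetMvc.AccessControlHelper;

// Added example: maps each asp-access-key to the roles allowed to see the element.
public class RoleMapControlAccessStrategy : IControlAccessStrategy
{
    // Constructed sample mapping. "AdminOnly" is the key used in the view above;
    // "ReportViewer" and the "Auditor" role are hypothetical.
    private static readonly IReadOnlyDictionary<string, string[]> RolesByKey =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            ["AdminOnly"] = new[] { "Admin" },
            ["ReportViewer"] = new[] { "Admin", "Auditor" },
        };

    private readonly IHttpContextAccessor _accessor;

    public RoleMapControlAccessStrategy(IHttpContextAccessor accessor) => _accessor = accessor;

    public bool IsControlCanAccess(string accessKey)
    {
        // HttpContext is null outside a request; treat that as "no user".
        var user = _accessor.HttpContext?.User;
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
        {
            return false;
        }

        // Assumption: an element with asp-access but no asp-access-key arrives
        // with a null or empty key; apply the strictest rule (Admin only).
        if (string.IsNullOrEmpty(accessKey))
        {
            return user.IsInRole("Admin");
        }

        // Unknown keys (typos, "Never") are denied rather than silently allowed.
        return RolesByKey.TryGetValue(accessKey, out var roles)
               && roles.Any(user.IsInRole);
    }
}
```

Register it with .AddControlAccessStrategy<RoleMapControlAccessStrategy>() in place of the strategy shown earlier. Hiding the ul only removes the links from the page; the target actions still rely on [Authorize(AccessControlHelperConstants.PolicyName)] for enforcement.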

Origin www.cnblogs.com/weihanli/p/use-access-control-helper-in-aspnetcore.html