问题描述
几乎所有我的API端点仅由内部用户使用,这是默认方案,他们需要此访问权限。当我创建一个新端点时,他们将需要访问该端点。
我还有一些可以登录的特殊外部用户,但仅使用其中一些端点,比如说10%。
不必创建允许所有用户(外部用户除外)访问的要求/策略(通过使用策略import SwiftUI
struct GridStack<Content: View>: View {
let rows: Int
let columns: Int
let content: (Int,Int) -> Content
@State private var currentPosition: CGSize = .zero
@State private var oldPosition: CGSize = .zero
@State private var newPosition: CGSize = .zero
@State private var buttonBackColor:Color = .white
@State private var bgColorDict = [ 0: "neutral",1: "neutral",2: "neutral",3: "neutral",4: "neutral",5: "neutral",6: "neutral",7: "neutral",8: "neutral",9: "neutral",10: "neutral",11: "neutral",12: "neutral",13: "neutral",14: "neutral",15: "neutral",16: "neutral",17: "neutral",18: "neutral",19: "neutral",20: "neutral",21: "neutral",22: "neutral",23: "neutral",24: "neutral",25: "neutral",26: "neutral",27: "neutral",28: "neutral",29: "neutral",30: "neutral",31: "neutral",32: "neutral",33: "neutral",34: "neutral",35: "neutral",36: "neutral",37: "neutral",38: "neutral",39: "neutral",40: "neutral",41: "neutral",42: "neutral",43: "neutral",44: "neutral",45: "neutral",46: "neutral",47: "neutral",48: "neutral",49: "neutral",50: "neutral",51: "neutral",52: "neutral",53: "neutral",54: "neutral",55: "neutral",56: "neutral",57: "neutral",58: "neutral",59: "neutral",60: "neutral",61: "neutral",62: "neutral",63: "neutral",64: "neutral",65: "neutral",66: "neutral",67: "neutral",68: "neutral",69: "neutral",70: "neutral",71: "neutral",72: "neutral",73: "neutral",74: "neutral",75: "neutral",76: "neutral",77: "neutral",78: "neutral",79: "neutral",80: "neutral",81: "neutral",82: "neutral",83: "neutral",84: "neutral",85: "neutral",86: "neutral",87: "neutral",88: "neutral",89: "neutral",90: "neutral",91: "neutral",92: "neutral",93: "neutral",94: "neutral",95: "neutral",96: "neutral",97: "neutral",98: "neutral",99: "neutral"
]
let theSheet = ["t","r","c","g","T","M","B","G","s","v","N","U","e","p","A","D","f","C","H","a","y","P","F","d","b","j","n","I","x","i","m","S","O","o","u","E","L","h","k","R","t",]
var body: some View {
vstack {
ForEach(0 ..< 1,id: \.self) { row in
HStack(spacing: 0) {
ForEach(0 ..< 1,id: \.self) { column in
Text(self.theSheet[(10 * row) + column])
.font(.custom("Rockwell",size:24))
.frame(width: 30,height: 30,alignment: .center)
.padding()
.onTapGesture {
if (self.bgColorDict[(row*10) + column] == "neutral") {
self.bgColorDict[(row*10) + column] = "correct"
} else if self.bgColorDict[(row*10) + column] == "correct" {
self.bgColorDict[(row*10) + column] = "wrong"
} else {
self.bgColorDict[(row*10) + column] = "neutral"
}
}
.background(Color(String(self.bgColorDict[(row*10) + column] ?? "neutral"))).border(Color.gray)
}
}
}
}
}
装饰每个API路由,我可以创建策略(或类似于{{1 }}),我只将外部用户允许访问的API端点放在上面,例如:
[Authorize(Policy = "InternalOnly")]在旧的.NET身份中,我可以使用[AllowAnonymous]来实现此目的,但是在.NET核心中,需求/策略似乎是解决之道。
我在[Route("GetForExternal")]
[HttpPost]
[ExternalAllowed]
public async Task<ActionResult<String>> GetForExternal(Request request)
中使用了AuthorizeAttribute,以确保所有端点都受到经过身份验证的用户的保护:
FallbackPolicy解决方法
我通过添加回退策略解决了这个问题:
services.AddAuthorization(options =>
{
options.AddPolicy(Policies.AllowExternal,policy => policy.RequireAuthenticatedUser().Requirements.Add(new AllowExternalRequirement()));
options.FallbackPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireRole("InternalEmployee")
.Build();
});
并使用该策略装饰外部允许的api端点:
[Authorize(Policy = Policies.AllowExternal)]
然后添加一个简单的替代策略:
public class AllowExternalRequirement : IAuthorizationRequirement
{
}
public class AllowExternalHandler : AuthorizationHandler<AllowExternalRequirement>
{
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,AllowExternalRequirement requirement)
{
context.Succeed(requirement);
return Task.CompletedTask;
}
}