Blazor App Identity types: authorization types

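1  Role-based authorization

    1.1  Preparation

          1.1.1 For role-based authorization to take effect, be sure to register the role services in Program.cs with AddRoles<ApplicationRole>(); these include IRoleStore, IRoleValidator and RoleManager.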

builder.Services.AddIdentity<ApplicationUser, ApplicationRole>(options =>
{
    options.SignIn.RequireConfirmedAccount = false;
    options.SignIn.RequireConfirmedEmail = false;

}).AddRoles<ApplicationRole>()
.AddEntityFrameworkStores<ApplicationDbContext>()
.AddTokenProvider("MyApp", typeof(DataProtectorTokenProvider<ApplicationUser>))
.AddSignInManager()
.AddDefaultTokenProviders();

   1.1.2  It is recommended to seed some default roles in ApplicationDbContext

     Here three roles, "SysAdmin", "Admin" and "User", are added by default when the database is created.

 protected override void OnModelCreating(ModelBuilder builder)
 {
     base.OnModelCreating(builder);
     //add roles: "System Administrator", "Administrator", "User"
     builder.Entity<ApplicationRole>().HasData(new ApplicationRole { Name = "SysAdmin", NormalizedName = "SYSADMIN", Id = 100, ConcurrencyStamp = "100" });
     builder.Entity<ApplicationRole>().HasData(new ApplicationRole { Name = "Admin", NormalizedName = "ADMIN", Id =101, ConcurrencyStamp = "101" });
     builder.Entity<ApplicationRole>().HasData(new ApplicationRole { Name = "User", NormalizedName = "USER", Id = 102, ConcurrencyStamp = "102" });

     
     //builder.Entity<ApplicationRole>().HasData(new ApplicationRoleClaim { ClaimType = "12", ClaimValue = "34" });
 }

  

1.1.3 Re-run the data migration and regenerate the database

           add-migration initDB01  -outputdir Data/Migrations

           update-database

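1.2  Ways to use role-based authorization: Razor pages, methods, navigation

       Razor page: place @attribute [Authorize(Roles = "SysAdmin")] at the top of the page

      Controller or controller action: apply [Authorize(Roles = "SysAdmin")] to the controller or to the controller's action method

       Navigation: <AuthorizeView>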

<AuthorizeView Roles="User">
    <Authorized>
        <p>You can only see this if you're in the User role.</p>
    </Authorized>
</AuthorizeView>

<AuthorizeView Roles="SysAdmin">
    <Authorized>
        <p>You can only see this if you're in the SysAdmin role.</p>
    </Authorized>
</AuthorizeView>

<AuthorizeView Roles="SysAdmin,User">
    <p>You can only see this if you're in one of "SysAdmin,User" roles.</p>
</AuthorizeView>

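 2 Policy-based authorization

   2.1 Basic concepts

  • Policy - a policy has one or more requirements.
  • Requirement - a collection of data parameters that the policy uses to evaluate the current user principal.
  • Handler - a handler determines whether the current user principal is allowed to access the requested resource.

   2.2 Steps

         2.2.1  Registration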

builder.Services.AddAuthorization(options =>
{
    // "IsAdmin" is satisfied by a user in either the SysAdmin or the Admin role.
    options.AddPolicy("IsAdmin", policy => policy.RequireRole("SysAdmin", "Admin"));
});

         2.2.2 Usage

          @attribute [Authorize(Policy = "IsAdmin")] 

@page "/weather"
@using Microsoft.AspNetCore.Authorization
@attribute [StreamRendering]

@attribute [Authorize(Policy = "IsAdmin")]

<PageTitle>Weather</PageTitle>

 3 Claim-based authorization

    This can be seen as a special form of policy-based authorization.

    3.1  Registration

     options.AddPolicy("ManageUser", policy => policy.RequireClaim("ManageUser", "true"));

    3.2  Usage

     @attribute [Authorize(Policy = "ManageUser")]
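
The Policy / Requirement / Handler split from 2.1, as an added example that is not from the original post: a custom requirement and handler that grant access only when the user is in one of the admin roles and also holds the ManageUser claim. The type names ManageUserRequirement and ManageUserHandler, the policy name "CanManageUsers" and the sample principals are assumptions constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;

// Registration: same calls as on builder.Services in Program.cs (hypothetical policy name).
var services = new ServiceCollection();
services.AddLogging();
services.AddSingleton<IAuthorizationHandler, ManageUserHandler>();
services.AddAuthorizationCore(options =>
    options.AddPolicy("CanManageUsers", policy =>
        policy.Requirements.Add(new ManageUserRequirement("SysAdmin", "Admin"))));
var auth = services.BuildServiceProvider().GetRequiredService<IAuthorizationService>();

// Constructed principals: admin with the claim, admin without it, plain user with it.
foreach (var (role, claim) in new[] { ("Admin", "true"), ("Admin", "false"), ("User", "true") })
{
    var identity = new ClaimsIdentity(new[]
    {
        new Claim(ClaimTypes.Role, role),
        new Claim("ManageUser", claim),
    }, authenticationType: "Constructed");
    var result = await auth.AuthorizeAsync(new ClaimsPrincipal(identity), "CanManageUsers");
    Console.WriteLine($"{role}, ManageUser={claim}: {(result.Succeeded ? "allowed" : "denied")}");
}

// Requirement: the data the policy evaluates (here, the roles allowed to manage users).
public sealed class ManageUserRequirement : IAuthorizationRequirement
{
    public string[] AllowedRoles { get; }
    public ManageUserRequirement(params string[] allowedRoles) => AllowedRoles = allowedRoles;
}

// Handler: decides whether the current principal meets the requirement.
public sealed class ManageUserHandler : AuthorizationHandler<ManageUserRequirement>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, ManageUserRequirement requirement)
    {
        var user = context.User;
        // Not calling Succeed() leaves the requirement unmet, so the default is deny.
        if (user.Identity?.IsAuthenticated == true
            && requirement.AllowedRoles.Any(user.IsInRole)
            && user.HasClaim("ManageUser", "true"))
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}
```

On a page the policy is applied the same way as the others, with @attribute [Authorize(Policy = "CanManageUsers")].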

4  Custom error page

//self-define the error page.
app.UseStatusCodePagesWithRedirects("/Error");

          

 

posted on 2025-08-08 15:30  博观约取*厚积薄发