基于源码分析Claims声明
1.在 Program.cs 文件中配置基于 Claims 的授权策略,并以单例方式注册 IHttpContextAccessor

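// Authorization policies. They are evaluated against the ClaimsPrincipal produced by the
// authentication handler, so they are only as trustworthy as the token validation
// (signature, issuer, audience, lifetime) configured for that handler -- not shown here.
builder.Services.AddAuthorization(options =>
{
    // "Client": the user must carry an "iss" (issuer) claim whose value is "Blog.Core".
    // AddPolicy builds the policy from the configured builder, so the explicit Build()
    // call is redundant and is omitted for consistency across all three policies.
    options.AddPolicy("Client", policy => policy.RequireClaim("iss", "Blog.Core"));
    // "SuperAdmin": the user must be in the SuperAdmin role.
    options.AddPolicy("SuperAdmin", policy => policy.RequireRole("SuperAdmin"));
    // "SystemOrAdmin": membership in either the SuperAdmin or the System role is sufficient.
    options.AddPolicy("SystemOrAdmin", policy => policy.RequireRole("SuperAdmin", "System"));
});
// Makes the current request's HttpContext reachable through dependency injection.
// HttpContext is null when no request is in flight, so consumers must null-check it.
builder.Services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();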
2.在 Controller 层标注授权策略

// Requires the caller to satisfy the "SystemOrAdmin" policy registered in Program.cs,
// i.e. to hold the SuperAdmin or the System role.
// NOTE(review): assumes UseAuthentication()/UseAuthorization() are in the request
// pipeline; that setup is not shown here -- confirm.
[Authorize(Policy = "SystemOrAdmin")]
3.测试:携带 token 发送请求,验证是否能够成功访问


// Accessor used to read the current request's HttpContext (and its User claims).
private readonly IHttpContextAccessor _httpContextAccessor;

/// <summary>
/// Creates the controller and stores each injected dependency in its backing field.
/// </summary>
/// <param name="logger">Logger for this controller.</param>
/// <param name="mapper">Object mapper.</param>
/// <param name="baseService">Base service for <c>Role</c> / <c>RoleVo</c>.</param>
/// <param name="redisOptions">Redis options wrapper.</param>
/// <param name="caching">Caching abstraction.</param>
/// <param name="auditSqlLogService">Base service for <c>AuditSqlLog</c> / <c>AuditSqlLogVo</c>.</param>
/// <param name="httpContextAccessor">Accessor for the current <c>HttpContext</c>.</param>
public WeatherForecastController(
    ILogger<WeatherForecastController> logger,
    IMapper mapper,
    IBaseService<Role, RoleVo> baseService,
    IOptions<RedisOptions> redisOptions,
    ICaching caching,
    IBaseService<AuditSqlLog, AuditSqlLogVo> auditSqlLogService,
    IHttpContextAccessor httpContextAccessor)
{
    // Request-context access first, then infrastructure, then data services.
    _httpContextAccessor = httpContextAccessor;

    _logger = logger;
    _mapper = mapper;
    _redisOptions = redisOptions;
    _caching = caching;

    _baseService = baseService;
    _auditSqlLogService = auditSqlLogService;
}
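/// <summary>
/// Demo endpoint: prints every claim of the current user to the console, then returns
/// the audit SQL log rows whose <c>DateTime</c> is on or after 2025-08-20.
/// </summary>
/// <returns>The result of the <c>QuerySplit</c> call on the audit SQL log service.</returns>
[HttpGet(Name = "GetWeatherForecastByHttpContext")]
public async Task<object> GetThree()
{
    Console.WriteLine("api request begin...");

    // HttpContext is null when no request is active; the original enumerated the
    // resulting null list and would throw a NullReferenceException in that case.
    var claims = _httpContextAccessor.HttpContext?.User.Claims;
    if (claims is not null)
    {
        // Debug output only: claim values can carry user identifiers, so this
        // should not be written to shared or persisted logs.
        foreach (var claim in claims)
        {
            await Console.Out.WriteLineAsync($"{claim.Type} : {claim.Value}");
        }
    }

    // The date literal is kept inside the expression exactly as in the original,
    // because the query provider receives this lambda as written.
    var rltList = await _auditSqlLogService.QuerySplit(d => d.DateTime >= Convert.ToDateTime("2025-08-20"));

    Console.WriteLine("api request end...");
    return rltList;
}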
