【发布时间】:2021-02-13 03:05:57
【问题描述】:
如果用户处于 GRP_FAST_ADMIN 角色,我有一个 Blazor 页面应该显示一个按钮。出于测试目的,如果他们不在角色中,我会打印出他们所在角色的列表。问题是他们的声明确实表明他们拥有正确的角色,但他们仍然没有被授权。
@page "/RestartApplication"
<AuthorizeView Roles="GRP_FAST_ADMIN">
<Authorized>
<button class="btn-default" @onclick="() => ViewModel.RestartApplication()">Restart Application</button>
</Authorized>
<NotAuthorized>
@if(Claims !=null)
{
@foreach(var claim in Claims)
{
<p>@(claim.Type.ToString() + ": " + claim.Value.ToString())</p>
}
}
</NotAuthorized>
</AuthorizeView>
该部分的输出:
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: CM_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: ES_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP-PEOPLESOFT-P-GL_GENERAL
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP_AWB_ADMIN
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP_FAST_ADMIN
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: GRP_ILG_RO
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: IB_PWR_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: IBP_POWER_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: MP_ADMIN_GRP
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: OFB_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: PK_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: PT_GENERAL_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: PT_PWR_USER
http://schemas.microsoft.com/ws/2008/06/identity/claims/role: RESORT_OPS_UTILITY
基本身份验证有效。我可以成功地用于确保某人已登录。在 WebAssembly 的启动中设置授权:
public static IServiceCollection AddPowerToolsWebServices(this IServiceCollection services)
{
services.AddDevExpressBlazor();
services.AddBlazoredLocalStorage();
services.AddAuthorizationCore();
services.AddScoped<TokenAuthenticationStateProvider>();
services.AddScoped<AuthenticationStateProvider, TokenAuthenticationStateProvider>(provider =>
provider.GetRequiredService<TokenAuthenticationStateProvider>());
return services;
}
我正在处理 GetAuthenticationStateAsync() 的覆盖
public override async Task<AuthenticationState> GetAuthenticationStateAsync()
{
var token = await GetTokenAsync();
if (string.IsNullOrWhiteSpace(token))
return _Anonymous;
_HttpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
return new AuthenticationState(new ClaimsPrincipal(new ClaimsIdentity(ParseClaimsFromJwt(token), "jwt")));
}
这会解析所有声明并获取每个角色并将它们单独添加为声明。不知道我错过了什么。
【问题讨论】:
标签: authentication authorization blazor blazor-webassembly