AccessControls.Extension.AspNetCore
1.0.0
dotnet add package AccessControls.Extension.AspNetCore --version 1.0.0
NuGet\Install-Package AccessControls.Extension.AspNetCore -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="AccessControls.Extension.AspNetCore" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add AccessControls.Extension.AspNetCore --version 1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: AccessControls.Extension.AspNetCore, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install AccessControls.Extension.AspNetCore as a Cake Addin
#addin nuget:?package=AccessControls.Extension.AspNetCore&version=1.0.0
// Install AccessControls.Extension.AspNetCore as a Cake Tool
#tool nuget:?package=AccessControls.Extension.AspNetCore&version=1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
AccessControls.Extension.AspNetCore
基于 ASP.NET Core 框架,使用特性标签 AccessControlAttribute 等控制 Action 方法的权限,使用 TagHelper AccessControlTagHelper 来控制页面上元素的显示权限,同时支持通过中间件 AccessControlMiddleware实现对静态资源的访问。
快速使用
1. 安装权限控制显示组件
dotnet add package AccessControls.Extension.AspNetCore
2. 实现自定义权限控制策略
- 实现页面元素显示策略接口
IControlAccessStrategy - 实现
Action访问显示策略接口IResourceAccessStrategy
示例代码:
3. 注册自定义权限控制策略
在 Startup 文件中注册显示策略,参考 Startup.cs
// ConfigureServices
services.AddAccessControl<ResourceAccessStrategy, ControlAccessStrategy>();
// 自己注册服务,如果只用到资源访问,比如只有 API 可以只注册 IResourceAccessStrategy 策略
//services.TryAddScoped<IResourceAccessStrategy, ActionAccessStrategy>();
// 反之如果只用到视图上的权限控制可以只注册 IControlAccessStrategy 策略
//services.TryAddSingleton<IControlAccessStrategy, ControlAccessStrategy>();
// 最后注册权限控制组件
//services.AddAccessControl();
// 自定义服务生命周期
// services.AddAccessControl<ActionAccessStrategy, ControlAccessStrategy>(ServiceLifetime.Scoped, ServiceLifetime.Singleton);
// ASP.NET Core【推荐用法1】
services.AddAccessControl(options =>
{
options.UseAsDefaultPolicy = true;
options.AccessKeyResolver = context => context.RequestServices
.GetRequiredService<AccessKeyResolver>()
.GetAccessKey(context.Request.Path);
})
.AddResourceAccessStrategy<ResourceAccessStrategy>(ServiceLifetime.Scoped)
.AddControlAccessStrategy<ControlAccessStrategy>();
// ASP.NET Core【推荐用法2】
services.AddAccessControl<ResourceAccessStrategy, ControlAccessStrategy>(options =>
{
options.UseAsDefaultPolicy = true;
options.AccessKeyResolver = context => context.RequestServices
.GetRequiredService<AccessKeyResolver>()
.GetAccessKey(context.Request.Path);
});
services.TryAddSingleton<AccessKeyResolver>();
// 全局权限控制的使用(会忽略控制器的 [AllowAnonymous] 特性)
// app.UseAccessControl();
4. 控制 Action 的方法权限
通过 AccessControl 和 NoAccessControl 标签特性来控制 Action 的访问权限,如果Action上定义了 NoAccessControl 可以忽略上级定义的 AccessControl,另外可以设置 Action 对应的 AccessKey:
[NoAccessControl]
public IActionResult Index()
{
return View();
}
[AccessControl]
public IActionResult About()
{
ViewData["Message"] = "Your application description page.";
return View();
}
[AccessControl(AccessKey = "Contact")]
public IActionResult Contact()
{
ViewData["Message"] = "Your contact page.";
return View();
}
也可以设置 Policy 和直接使用 [AccessControl] 方法一致:
// [Authorize(AccessControlConstants.PolicyName)]
[Authorize("AccessControl")]
public IActionResult Contact()
{
ViewData["Message"] = "Your contact page.";
return View();
}
5. 控制页面元素的显示
为了使用比较方便,建议在页面上导入命名空间,具体方法如下,详见 Samples:
HtmlHelper 扩展
添加命名空间引用
在 _ViewImports.cshtml 中引用命名空间
AccessControls.Extension.AspNetCore@using AccessControlDemo // add AccessControls.Extension.AspNetCore @using AccessControls.Extension.AspNetCore @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers在 Razor 页面上使用
SparkContainer使用@using(Html.SparkContainer("div",new { @class="container", custom-attribute = "abcd" })) { @Html.Raw("1234") } @using (Html.SparkContainer("span",new { @class = "role" }, "user:role:view")) { @:12344 } @using (Html.SparkContainer("button",new { @type="button", @class= "btn btn-primary" }, "user:role:add")) { @:12344 }没有权限访问就不会渲染到页面上,有权限访问的时候渲染得到的 Html 如下:
<div class="container" custom-attribute="abcd">1234</div> <span class="role">12344</span> <button class="btn btn-primary" type="button">12234</button>SparkActionLink@Html.SparkActionLink("Learn about me »", "About", "Home", new { @class = "btn btn-default", "user:detail:show" })有权限访问时渲染出来的 html 如下:
<a class="btn btn-default" href="http://localhost:5000/Home/About">Learn about me »</a>
TagHelper 注册
添加 TagHelper 引用
在 _ViewImports.cshtml 中引用
AccessControls.Extension.AspNetCoreTagHelper@using AccessControlDemo @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers // add AccessControls.Extension.AspNetCore TagHelper @addTagHelper *, AccessControls.Extension.AspNetCore在 Razor 页面上使用
在需要权限控制的元素上增加
asp-access即可,如果需要配置 access-key 通过asp-accesss-key来配置,示例:<ul class="list-group" asp-access asp-access-key="user:list:view">...</ul>这样有权限的时候就会输出这个
ul的内容,如果没有权限就不会输出,而且出于安全考虑,如果有配置asp-access-key的话也会把asp-access-key给移除,不会输出到浏览器中。
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 is compatible. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
| .NET Core | netcoreapp2.0 was computed. netcoreapp2.1 was computed. netcoreapp2.2 was computed. netcoreapp3.0 was computed. netcoreapp3.1 is compatible. |
| .NET Standard | netstandard2.0 is compatible. netstandard2.1 is compatible. |
| .NET Framework | net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 was computed. net481 was computed. |
| MonoAndroid | monoandroid was computed. |
| MonoMac | monomac was computed. |
| MonoTouch | monotouch was computed. |
| Tizen | tizen40 was computed. tizen60 was computed. |
| Xamarin.iOS | xamarinios was computed. |
| Xamarin.Mac | xamarinmac was computed. |
| Xamarin.TVOS | xamarintvos was computed. |
| Xamarin.WatchOS | xamarinwatchos was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
.NETCoreApp 3.1
- No dependencies.
-
.NETStandard 2.0
- Microsoft.AspNetCore.Mvc (>= 2.1.0 && < 3.0.0)
-
.NETStandard 2.1
- Microsoft.AspNetCore.Mvc (>= 2.1.0 && < 3.0.0)
-
net5.0
- No dependencies.
-
net6.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 1.0.0 | 256 | 4/27/2022 |
Small trial ox knife