Catatan
Akses ke halaman ini memerlukan otorisasi. Anda dapat mencoba masuk atau mengubah direktori.
Akses ke halaman ini memerlukan otorisasi. Anda dapat mencoba mengubah direktori.
Sesuaikan perilaku
Aplikasi dapat mendaftarkan IAuthorizationMiddlewareResultHandler untuk menyesuaikan cara AuthorizationMiddleware menangani hasil otorisasi. Aplikasi dapat menggunakan IAuthorizationMiddlewareResultHandler untuk:
- Mengembalikan respons yang dikustomisasi.
- Tingkatkan tantangan default atau larang respons.
Kode berikut menunjukkan contoh implementasi IAuthorizationMiddlewareResultHandler yang mengembalikan respons kustom untuk kegagalan otorisasi tertentu:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
public class SampleAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
private readonly AuthorizationMiddlewareResultHandler defaultHandler = new();
public async Task HandleAsync(
RequestDelegate next,
HttpContext context,
AuthorizationPolicy policy,
PolicyAuthorizationResult authorizeResult)
{
// If the authorization was forbidden and the resource had a specific requirement,
// provide a custom 404 response.
if (authorizeResult.Forbidden
&& authorizeResult.AuthorizationFailure!.FailedRequirements
.OfType<Show404Requirement>().Any())
{
// Return a 404 to make it appear as if the resource doesn't exist.
context.Response.StatusCode = StatusCodes.Status404NotFound;
return;
}
// Fall back to the default implementation.
await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
}
}
public class Show404Requirement : IAuthorizationRequirement { }
Daftarkan implementasi IAuthorizationMiddlewareResultHandler ini dalam Program.cs:
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSingleton<
IAuthorizationMiddlewareResultHandler, SampleAuthorizationMiddlewareResultHandler>();
var app = builder.Build();
Aplikasi dapat mendaftarkan IAuthorizationMiddlewareResultHandler untuk menyesuaikan cara AuthorizationMiddleware menangani hasil otorisasi. Aplikasi dapat menggunakan IAuthorizationMiddlewareResultHandler untuk:
- Mengembalikan respons yang dikustomisasi.
- Tingkatkan tantangan bawaan atau larang respons.
Kode berikut menunjukkan contoh implementasi IAuthorizationMiddlewareResultHandler yang mengembalikan respons kustom untuk kegagalan otorisasi tertentu:
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;
using Microsoft.AspNetCore.Http;
using System.Linq;
using System.Net;
using System.Threading.Tasks;
public class MyAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
private readonly AuthorizationMiddlewareResultHandler
DefaultHandler = new AuthorizationMiddlewareResultHandler();
public async Task HandleAsync(
RequestDelegate requestDelegate,
HttpContext httpContext,
AuthorizationPolicy authorizationPolicy,
PolicyAuthorizationResult policyAuthorizationResult)
{
// if the authorization was forbidden and the resource had specific requirements,
// provide a custom response.
if (Show404ForForbiddenResult(policyAuthorizationResult))
{
// Return a 404 to make it appear as if the resource does not exist.
httpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
return;
}
// Fallback to the default implementation.
await DefaultHandler.HandleAsync(requestDelegate, httpContext, authorizationPolicy,
policyAuthorizationResult);
}
bool Show404ForForbiddenResult(PolicyAuthorizationResult policyAuthorizationResult)
{
return policyAuthorizationResult.Forbidden &&
policyAuthorizationResult.AuthorizationFailure.FailedRequirements.OfType<
Show404Requirement>().Any();
}
}
public class Show404Requirement : IAuthorizationRequirement { }
Daftar MyAuthorizationMiddlewareResultHandler di Startup.ConfigureServices:
public void ConfigureServices(IServiceCollection services)
{
services.AddRazorPages();
services.AddSingleton<IAuthorizationMiddlewareResultHandler,
MyAuthorizationMiddlewareResultHandler>();
}
Berkolaborasi dengan kami di GitHub
Sumber untuk konten ini dapat ditemukan di GitHub, yang juga dapat Anda gunakan untuk membuat dan meninjau masalah dan menarik permintaan. Untuk informasi selengkapnya, lihat panduan kontributor kami.
ASP.NET Core