Anpassa beteendet för AuthorizationMiddleware

Appar kan registrera en IAuthorizationMiddlewareResultHandler för att anpassa hur AuthorizationMiddleware auktoriseringsresultat hanteras. Appar kan använda IAuthorizationMiddlewareResultHandler för att:

• Returnera anpassade svar.
• Förbättra standardutmaningen eller förbjud svar.

Följande kod visar en exempelimplementering av IAuthorizationMiddlewareResultHandler som returnerar ett anpassat svar för specifika auktoriseringsfel:

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Policy;

public class SampleAuthorizationMiddlewareResultHandler : IAuthorizationMiddlewareResultHandler
{
    private readonly AuthorizationMiddlewareResultHandler defaultHandler = new();

    public async Task HandleAsync(
        RequestDelegate next,
        HttpContext context,
        AuthorizationPolicy policy,
        PolicyAuthorizationResult authorizeResult)
    {
        // If the authorization was forbidden and the resource had a specific requirement,
        // provide a custom 404 response.
        if (authorizeResult.Forbidden
            && authorizeResult.AuthorizationFailure!.FailedRequirements
                .OfType<Show404Requirement>().Any())
        {
            // Return a 404 to make it appear as if the resource doesn't exist.
            context.Response.StatusCode = StatusCodes.Status404NotFound;
            return;
        }

        // Fall back to the default implementation.
        await defaultHandler.HandleAsync(next, context, policy, authorizeResult);
    }
}

public class Show404Requirement : IAuthorizationRequirement { }

Registrera den här implementeringen av IAuthorizationMiddlewareResultHandler i Program.cs:

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddSingleton<
    IAuthorizationMiddlewareResultHandler, SampleAuthorizationMiddlewareResultHandler>();

var app = builder.Build();