admin管理员组

文章数量:1399172

I am developing a Blazor Server application that requires role and permission-based access control. My authentication uses a custom provider (not relying on HttpContext), and I need to enforce authorization rules both on the UI (hiding components, buttons, menus) and server-side (restricting access to sensitive methods).

Since Blazor uses SignalR for client-server communication, traditional [Authorize] attributes or policies tied to HttpContext are not viable. I want to use roles to make the user unauthorized to reach certain pages that require a specific role, while I want to use permissions to be tied to most components on each page. My roles and permissions are stored in the database where the permissions are tied to roles. I would like to avoid using policies for the permissions.

Notes:

  • Permissions are stored in a database table and assigned to roles, and each user can have multiple roles
  • Permissions are placed in a "context" during authentication which I can grab as long as the user is authenticated (I do not want to clutter the claims with potentially big number of permissions)
  • Permissions are named after the action that they are assigned to, for example AddUser, EditProduct, ViewEmployeeGrid

Requirements:

  • Ability to attribute the Blazor pages with something similar to the Authorize attribute such as @attribute [Authorize(Roles = "SuperAdmin, Auditor, Operator")]
  • Ability to use Permission keyword in a custom AuthorizeView wrapped on each component, button, etc.
<CustomAuthorizeView Permission="AddUser">
    <div class="radzen-filter">
        <RadzenStack Orientation="Orientation.Horizontal" AlignItems="AlignItems.Center" Gap="0.5rem" Style="margin-bottom: 1rem;">
            <RadzenButton Click="@CreateUser" Text="Add User" Icon="add" ButtonStyle="ButtonStyle.Primary" />
        </RadzenStack>
    </div>
</CustomAuthorizeView>

This is my example solution, but I can't seem to get it to work, any ideas are welcome - thank you.

本文标签: aspnet coreImplementing RolePermissionBased Authorization in BlazorStack Overflow

版权声明:本文标题:asp.net core - Implementing RolePermission-Based Authorization in Blazor - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744212165a2595469.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。