Bypass Authorize Attribute in .Net Core for Release Version

梦如初夏 2020-12-07 02:20

Is there a way to "bypass" authorization in asp.net core? I noticed that the Authorize attribute no longer has an AuthorizeCore method with which you could use to make dec

6 answers
  • 2020-12-07 02:32

    Just adding an anonymous filter could do the trick, simple and easy.

       services.AddMvc(opts =>
       {
          opts.Filters.Add(new AllowAnonymousFilter());
       });
    

    Ref: https://www.illucit.com/asp-net/asp-net-core-2-0-disable-authentication-development-environment/

  • 2020-12-07 02:35

    As pointed out in the comments, you can create a base class for all your requirement handlers.

    public abstract class RequirementHandlerBase<T> : AuthorizationHandler<T> where T : IAuthorizationRequirement
    {
        protected sealed override Task HandleRequirementAsync(AuthorizationHandlerContext context, T requirement)
        {
    #if DEBUG
            context.Succeed(requirement);
    
            return Task.FromResult(true);
    #else
            return HandleAsync(context, requirement);
    #endif
        }
    
        protected abstract Task HandleAsync(AuthorizationHandlerContext context, T requirement);
    }
    

    Then derive your requirement handlers from this base class.

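    public class AgeRequirementHandler : RequirementHandlerBase<AgeRequirement>
    {
        // The override must repeat the Task return type declared on the base class.
        protected override Task HandleAsync(AuthorizationHandlerContext context, AgeRequirement requirement)
        {
            ... 
        }
    }
    
    // The base class constrains T to IAuthorizationRequirement.
    public class AgeRequirement : IAuthorizationRequirement
    {
        public int MinimumAge { get; set; }
    }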
    

    And then just register it.

    services.AddAuthorization(options =>
    {
        options.AddPolicy("Over18",
                          policy => policy.Requirements.Add(new AgeRequirement { MinimumAge = 18 }));
    });
    
  • 2020-12-07 02:42

    For someone who still needs to get the fake User object, the solution below can do the trick:

    app.Use(async (context, next) =>
    {
        context.User = new System.Security.Claims.ClaimsPrincipal(new ClaimsIdentity(new Claim[]
        {
            new Claim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Guid.NewGuid().ToString()),
        }, "test"));
        await next.Invoke();
    });
    
    app.UseMvc();
    

    The solution should just work if the DefaultScheme is "Cookies".

  • 2020-12-07 02:46

    Expanding off of John_J's answer:

        public void ConfigureServices(IServiceCollection services)
        {
            ...
    
    #if DEBUG
            services.AddMvc(opts =>
            {
                opts.Filters.Add(new AllowAnonymousFilter());
            });
    #else
            services.AddMvc();
    #endif
        }
    
  • 2020-12-07 02:55

    You can define your own handler that disables authorization:

    public class DisableAuthorizationHandler<TRequirement> : AuthorizationHandler<TRequirement>
        where TRequirement : IAuthorizationRequirement
    {
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement)
        {
            context.Succeed(requirement);
    
            return Task.CompletedTask;
        }
    }
    

    and then register it:

    public void ConfigureServices(IServiceCollection services)
    {
        //...
    #if DEBUG
        services.AddTransient<IAuthorizationHandler, DisableAuthorizationHandler<IAuthorizationRequirement>>();
    #endif
        //...
    }
    
  • 2020-12-07 02:56

    Two possible solutions come to mind.

    The first is to use fake authentication middleware. You can create a fake authentication middleware like this. And your Startup.cs should be something like this (you should take care of fake services):

    private IHostingEnvironment _env;
    
    public Startup(IHostingEnvironment env)
    {
      _env = env;
      // other stuff
    }
    
    public void ConfigureServices(IServiceCollection services)
    {
      // ...
      if (_env.IsDevelopment())
      {
        // dev stuff
        services.AddTransient<ISomeService, FakeSomeService>();
      }
      else
      {
        // production stuff
        services.AddTransient<ISomeService, SomeService>();
      }
    }
    
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
      if (env.IsDevelopment())
      {
        app.UseFakeAuthentication();
      }
      else
      {
        app.UseRealAuthentication();
      }
    }
    

    The second is to use more than one handler (as @Tseng said). In this case I would write something like this:

    private IHostingEnvironment _env;
    
    public Startup(IHostingEnvironment env, IApplicationEnvironment appEnv)
    {
      _env = env;
      // other stuff
    }
    
    public void ConfigureServices(IServiceCollection services)
    {
      // ...
      if (_env.IsDevelopment())
      {
        // dev stuff
        services.AddSingleton<IAuthorizationHandler, FakeAuthorizationHandler>();
      }
      else
      {
        // production stuff
        services.AddSingleton<IAuthorizationHandler, RealAuthorizationHandler>();
      }
    }
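
Added example, not part of any answer above: both the global `AllowAnonymousFilter` and the always-succeeding authorization handlers are switched on by a build flag or an environment name, so a startup check can refuse to run when either is active outside Development. `AuthBypassGuard` and `RefuseAuthBypassOutsideDevelopment` are hypothetical names, and the code assumes the ASP.NET Core 2.x `Startup` shape used on this page.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;   // IHostingEnvironment as on this page; IWebHostEnvironment from 3.0 on
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

// Hypothetical helper. Call app.RefuseAuthBypassOutsideDevelopment(env, "Over18")
// as the first statement of Startup.Configure.
public static class AuthBypassGuard
{
    public static IApplicationBuilder RefuseAuthBypassOutsideDevelopment(
        this IApplicationBuilder app, IHostingEnvironment env, params string[] policyNames)
    {
        if (env.IsDevelopment()) return app;   // a bypass is tolerated only here

        using (var scope = app.ApplicationServices.CreateScope())
        {
            var sp = scope.ServiceProvider;
            // 1. Global AllowAnonymousFilter, added as an instance or by type.
            var filters = sp.GetRequiredService<IOptions<MvcOptions>>().Value.Filters;
            if (filters.Any(f => f is IAllowAnonymousFilter ||
                    (f is TypeFilterAttribute t &&
                     typeof(IAllowAnonymousFilter).IsAssignableFrom(t.ImplementationType))))
                throw new InvalidOperationException(
                    $"Global allow-anonymous filter registered in '{env.EnvironmentName}'.");

            // 2. Behavioural probe: an unauthenticated principal must fail DenyAnonymous
            //    and every named policy. A handler that calls context.Succeed()
            //    for every requirement makes these checks pass.
            var authz = sp.GetRequiredService<IAuthorizationService>();
            var anonymous = new ClaimsPrincipal(new ClaimsIdentity());
            var requirements = new IAuthorizationRequirement[] { new DenyAnonymousAuthorizationRequirement() };

            if (authz.AuthorizeAsync(anonymous, null, requirements).GetAwaiter().GetResult().Succeeded)
                throw new InvalidOperationException("Anonymous principal passed DenyAnonymous.");

            foreach (var name in policyNames)
                if (authz.AuthorizeAsync(anonymous, null, name).GetAwaiter().GetResult().Succeeded)
                    throw new InvalidOperationException($"Anonymous principal passed policy '{name}'.");
        }
        return app;
    }
}
```

Because the check keys on the runtime environment name, it also catches a Debug build (with the `#if DEBUG` branches compiled in) that is started with a non-Development environment. It does not see a fake `context.User` assigned per request by middleware; that case needs an HTTP-level test against a protected endpoint.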
    