Sang.AspNetCore.RoleBasedAuthorization 1.0.6

.NET 6.0 
dotnet add package Sang.AspNetCore.RoleBasedAuthorization --version 1.0.6
NuGet\Install-Package Sang.AspNetCore.RoleBasedAuthorization -Version 1.0.6
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Sang.AspNetCore.RoleBasedAuthorization" Version="1.0.6" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add Sang.AspNetCore.RoleBasedAuthorization --version 1.0.6
#r "nuget: Sang.AspNetCore.RoleBasedAuthorization, 1.0.6"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
// Install Sang.AspNetCore.RoleBasedAuthorization as a Cake Addin
#addin nuget:?package=Sang.AspNetCore.RoleBasedAuthorization&version=1.0.6

// Install Sang.AspNetCore.RoleBasedAuthorization as a Cake Tool
#tool nuget:?package=Sang.AspNetCore.RoleBasedAuthorization&version=1.0.6

Sang.AspNetCore.RoleBasedAuthorization

NuGet version (Sang.AspNetCore.RoleBasedAuthorization)

Role-Based Authorization for ASP.NET

ASP.NET RBAC 权限管理

Instructions:

Step 1

Add this package.

Install-Package Sang.AspNetCore.RoleBasedAuthorization
Step 2

Add RBAC Services.

builder.Services.AddSangRoleBasedAuthorization();
Step 3

Add the ResourceAttribute tag to the interface or Controller that needs to be checked for authorization.

在需要进行授权检查的接口或 Controller 处添加 ResourceAttribute 标记。

[Resource("资源")]
[Route("api/[controller]")]
[ApiController]
public class RolesController : ControllerBase
{
}

/// <summary>
/// 删除-数值
/// </summary>
/// <param name="id"></param>
[Resource("删除-数值")] //[Resource("删除", Action = "数值")]
[HttpDelete("{id}")]
public IActionResult Delete(int id)
{
    return Ok("删除-数值");
}
Step 4

After completing the above operations, the authorization check will check whether User.Claims has the corresponding Permission. You need to add the corresponding Claims for the user, which can be included directly when generating the jwt token. You can also use middleware to read the corresponding role and add it before the authorization check. You can implement it yourself or use the provided functions described in the next section.

完成以上操作后,授权检查,将检查User.Claims是否存在对应的Permission。 需要为用户添加对应的 Claims ,可以在生成 jwt token 时直接包含。 也可以使用中间件读取对应的角色,在授权检查前添加,可以自己实现也可以使用提供的下一节介绍的功能。

var claims = new List<Claim>
{
    new Claim(ClaimTypes.NameIdentifier, "uid"),
    new Claim(ClaimTypes.Name,"用户名"),
    new Claim(ClaimTypes.Email,"test@exp.com"),
    new Claim(ClaimTypes.Role, "user"),
    new Claim(ResourceClaimTypes.Permission,"查询"),
};
var token = new JwtSecurityToken(
        "Issuer",
        "Audience",
        claims,
        expires: DateTime.UtcNow.AddSeconds(3600),
        signingCredentials: credentials
    );

Note: If the role is named SangRBAC_Administrator, no authorization check will be done.

注意:如果角色名为SangRBAC_Administrator,将不进行授权检查。

Optional Features

Use the provided add role permission middleware, You can also use this component alone.

使用提供的添加角色权限中间件,你也可以单独使用该组件。

Step 1

Implement IRolePermission, get the role permission list by role name.

实现IRolePermission,通过角色名获取该角色权限列表

public class MyRolePermission : IRolePermission
{
    public Task<List<Claim>> GetRolePermissionClaimsByName(string roleName)
    {
        List<Claim> list = new();
        // you code
        return Task.FromResult(list);
    }
}

Then add service;

然后添加服务。

builder.Services.AddRolePermission<MyRolePermission>();
Step 2

Enable this middleware before app.UseAuthorization(); and after app.UseAuthentication();.

app.UseAuthorization();app.UseAuthentication()后启用这个中间件。

app.UseAuthentication();
app.UseRolePermission();
app.UseAuthorization();
Option

UseRolePermission

1. option.UserAdministratorRoleName:

Set a custom role to have the same built-in super administrator privileges as SangRBAC_Administrator.

设置一个自定义角色,使其拥有 SangRBAC_Administrator 一样的系统内置超级管理员权限。

2. option.Always:

Whether to check and execute the addition all the time. By default, only when the ResourceAttribute is included for permission verification, the access middleware will start the adding permission function.

是否一直检查并执行添加,默认只有在含有 ResourceAttribute 要进行权限验证时,此次访问中间件才启动添加权限功能。

Demo

Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net6.0

    • No dependencies.

  • net7.0

    • No dependencies.

  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.6 102 1/20/2024
1.0.5 308 12/3/2022
1.0.4 381 10/24/2022
1.0.3 379 10/22/2022
1.0.2 385 10/22/2022
1.0.1 405 10/21/2022
1.0.0 347 10/18/2022