.NET 自带的授权机制默认只返回 401 和 403 状态码,但在目前的大前端时代,前端基本都要求返回 JSON 数据。
.NET Core 提供了很多方式实现权限自定义,.NET 5 提供了 IAuthorizationMiddlewareResultHandler 接口来实现这个需求。
// Registers CustomAuthorizationMiddleware as the IAuthorizationMiddlewareResultHandler
// (scoped lifetime). Once registered, this class decides what the client receives
// after policy evaluation, so it has to reject failed results itself.
services.AddScoped<IAuthorizationMiddlewareResultHandler, CustomAuthorizationMiddleware>();
下面为 CustomAuthorizationMiddleware 的代码,大家可以自行在这里添加自定义逻辑。注意:自定义处理器会取代框架默认的 401/403 处理,因此必须根据 authorizeResult 判断授权策略是否通过,不能只检查用户是否已登录。
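/// <summary>
/// Authorization result handler that answers failed authorization with a JSON
/// body instead of a bare 401/403 status.
/// </summary>
/// <remarks>
/// The outcome of policy evaluation arrives in <c>authorizeResult</c>. This handler
/// only forwards the request when that result succeeded; an authenticated user who
/// fails the policy (roles, claims, custom requirements) is answered with 403.
/// </remarks>
public class CustomAuthorizationMiddleware : IAuthorizationMiddlewareResultHandler
{
    /// <summary>
    /// Writes a JSON 401 for unauthenticated or challenged requests, a JSON 403 for
    /// requests that fail the policy or the custom rule, and otherwise calls
    /// <paramref name="next"/>.
    /// </summary>
    /// <param name="next">The next delegate in the request pipeline.</param>
    /// <param name="context">The current HTTP context.</param>
    /// <param name="policy">The policy that was evaluated for the endpoint.</param>
    /// <param name="authorizeResult">The result of evaluating <paramref name="policy"/>.</param>
    public async Task HandleAsync(RequestDelegate next, HttpContext context, AuthorizationPolicy policy, PolicyAuthorizationResult authorizeResult)
    {
        // Not every endpoint is an MVC action, so the endpoint and the descriptor
        // may both be null; the names are only passed on to the custom rule.
        var endPoint = context.GetEndpoint();
        var controllerActionDescriptor = endPoint?.Metadata.OfType<ControllerActionDescriptor>().FirstOrDefault();
        var controllerName = controllerActionDescriptor?.ControllerName;
        var actionName = controllerActionDescriptor?.ActionName;

        // Identity can be null, so compare against true instead of dereferencing it.
        var isAuthenticated = context.User?.Identity?.IsAuthenticated == true;
        if (authorizeResult.Challenged || !isAuthenticated)
        {
            await WriteJsonAsync(context, StatusCodes.Status401Unauthorized, "对不起,未登录或登录超时");
            return;
        }

        // Being logged in is not enough: the policy result must have succeeded.
        // Anything else (Forbidden, or a result that is neither) is denied.
        if (!authorizeResult.Succeeded || IsDeniedByCustomRule(context, controllerName, actionName))
        {
            await WriteJsonAsync(context, StatusCodes.Status403Forbidden, "对不起,您暂无足够的权限执行此操作");
            return;
        }

        await next(context);
    }

    /// <summary>
    /// Extension point for an additional, application-specific permission check.
    /// It runs only after the framework policy has succeeded, so it can tighten
    /// access but never widen it. The default denies nothing.
    /// </summary>
    private static bool IsDeniedByCustomRule(HttpContext context, string controllerName, string actionName)
    {
        return false;
    }

    /// <summary>
    /// Sends the failure as JSON. The HTTP status line is set as well as the body
    /// code, so proxies, logs and clients that read only the status see the denial.
    /// </summary>
    private static async Task WriteJsonAsync(HttpContext context, int statusCode, string message)
    {
        ResponseData responseData = new ResponseData() { Status = 0 };
        responseData.Code = statusCode;
        responseData.Msg = message;

        context.Response.StatusCode = statusCode;
        context.Response.ContentType = "application/json;charset=utf-8";
        await context.Response.WriteAsync(JsonHelper.JsonParse(responseData));
    }
}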