I want to set policy permissions on asp.net core per Post, not per PageModel

Asked 2 years ago, Updated 2 years ago, 95 views

I'm sorry if there's anything wrong with the question.

https://docs.microsoft.com/ja-jp/aspnet/core/security/authorization/policies?view=aspnetcore-2.2
As you can see in ,

 [Authorize (Policy="AtLeast 21")]
public class AlcoholPurchaseController:Controller
{
    publicIActionResultIndex()=>View();
}

We know that you can restrict access by configuring policies as shown in .
(I am currently writing RazorPages)

For users who do not meet certain policies this time, I would like to do something like displaying the page but not registering from POST.
Therefore, I would like to set policy permissions per Post, not per PageModel, but I cannot.

 [Authorize(Policy="AtLeast21")] // I'll call it here
public class EditModel:PageModel
{

    public async Task<IActionResult>OnGetAsync(int?id)
    {
         // Processing 1
    }

    [Authorize (Policy="AtLeast21")] // I want to write here
    public async Task<IActionResult>OnPostAsync()
    {
          // Processing 2
    }
}

Is it difficult to implement the above in the policy?
Is there no other way but to write the method of satisfying the permissions in processing 2?

If anyone knows, I would appreciate it if you could give me some knowledge.

asp.net asp.net-core

2022-09-30 19:39

1 Answers

For users who do not meet a certain policy, I would like to do something like displaying pages but not registering from POST.

I don't know what conditions and what kind of decision the "policy" will make and what kind of response it will give to the user, so it might be a mistake...

You should use the built-in user input verification function to verify that the "policy" is met when POST is sent, and if the verification result is NG, send it back with an error message.

The following article attaches the CustomValidation attribute to the Model properties to verify that the surname Sato must be at least 20 years of age.

CustomValidation Attributes
http://surferonwww.info/BlogEngine/post/2020/02/25/custom-validation-attribute.aspx

The same can be done with custom model binders or with custom models that inherit IValidatableObjects.See the article below for more information.

Custom Model Binder (Core 3.1)
http://surferonwww.info/BlogEngine/post/2020/02/15/aspnet-core-31-mvc-custom-model-binder.aspx

Custom Model Inherited IValidatableObject
http://surferonwww.info/BlogEngine/post/2020/02/28/custom-model-inheriting-ivalidatableobject-interface.aspx


2022-09-30 19:39

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.