I want to set policy permissions on asp.net core per Post, not per PageModel

Asked 1 years ago, Updated 1 years ago, 82 views

I'm sorry if there's anything wrong with the question.

https://docs.microsoft.com/ja-jp/aspnet/core/security/authorization/policies?view=aspnetcore-2.2
As you can see in , 

 [Authorize (Policy="AtLeast 21")]
public class AlcoholPurchaseController:Controller
{
    publicIActionResultIndex()=>View();
}

We know that you can restrict access by configuring policies as shown in .
(I am currently writing RazorPages)

For users who do not meet certain policies this time, I would like to do something like displaying the page but not registering from POST.
Therefore, I would like to set policy permissions per Post, not per PageModel, but I cannot.

 [Authorize(Policy="AtLeast21")] // I'll call it here
public class EditModel:PageModel
{

    public async Task<IActionResult>OnGetAsync(int?id)
    {
         // Processing 1
    }

    [Authorize (Policy="AtLeast21")] // I want to write here
    public async Task<IActionResult>OnPostAsync()
    {
          // Processing 2
    }
}

Is it difficult to implement the above in the policy?
Is there no other way but to write the method of satisfying the permissions in processing 2?

If anyone knows, I would appreciate it if you could give me some knowledge.

asp.net asp.net-core

2022-09-30 19:39

1 Answers

For users who do not meet a certain policy, I would like to do something like displaying pages but not registering from POST.

I don't know what conditions and what kind of decision the "policy" will make and what kind of response it will give to the user, so it might be a mistake...

You should use the built-in user input verification function to verify that the "policy" is met when POST is sent, and if the verification result is NG, send it back with an error message.

The following article attaches the CustomValidation attribute to the Model properties to verify that the surname Sato must be at least 20 years of age.

CustomValidation Attributes
http://surferonwww.info/BlogEngine/post/2020/02/25/custom-validation-attribute.aspx

The same can be done with custom model binders or with custom models that inherit IValidatableObjects.See the article below for more information.

Custom Model Binder (Core 3.1)
http://surferonwww.info/BlogEngine/post/2020/02/15/aspnet-core-31-mvc-custom-model-binder.aspx

Custom Model Inherited IValidatableObject
http://surferonwww.info/BlogEngine/post/2020/02/28/custom-model-inheriting-ivalidatableobject-interface.aspx

2022-09-30 19:39

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

513 The method of the class of the application that I am creating in Typescript does not work as I expected.

546 Scrap text information after the "View More" button when searching in the Yahoo! News search window

536 Understanding How to Configure Google API Key

536 PHP ssh2_scp_send fails to send files as intended

536 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

© 2024 OneMinuteCode. All rights reserved.