daohualiuxiang
/
AspNetCore.Docs
mirror of https://github.com/dotnet/AspNetCore.Docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updating claims md to .NET Core 3.0 (#15104) 

* Updating claims md to .NET Core 3.0

* Update claims.md
pull/15399/head
damienbod 2019-10-30 17:34:57 +01:00 committed by Scott Addie
parent 6d7dc602c3
commit 98eedb7009
1 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
aspnetcore/security/authorization/claims.md
View File

@ -24,6 +24,25 @@ The simplest type of claim policy looks for the presence of a claim and doesn't
First you need to build and register the policy. This takes place as part of the Authorization service configuration, which normally takes part in `ConfigureServices()` in your *Startup.cs* file.
::: moniker range=">= aspnetcore-3.0"
```csharp
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddRazorPages();
services.AddAuthorization(options =>
{
options.AddPolicy("EmployeeOnly", policy => policy.RequireClaim("EmployeeNumber"));
});
}
```
::: moniker-end
::: moniker range="< aspnetcore-3.0"
```csharp
public void ConfigureServices(IServiceCollection services)
{
@ -36,6 +55,8 @@ public void ConfigureServices(IServiceCollection services)
}
```
::: moniker-end
In this case the `EmployeeOnly` policy checks for the presence of an `EmployeeNumber` claim on the current identity.
You then apply the policy using the `Policy` property on the `AuthorizeAttribute` attribute to specify the policy name;
@ -79,6 +100,26 @@ public class VacationController : Controller
Most claims come with a value. You can specify a list of allowed values when creating the policy. The following example would only succeed for employees whose employee number was 1, 2, 3, 4 or 5.
::: moniker range=">= aspnetcore-3.0"
```csharp
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.AddRazorPages();
services.AddAuthorization(options =>
{
options.AddPolicy("Founders", policy =>
policy.RequireClaim("EmployeeNumber", "1", "2", "3", "4", "5"));
});
}
```
::: moniker-end
::: moniker range="< aspnetcore-3.0"
```csharp
public void ConfigureServices(IServiceCollection services)
{
@ -92,6 +133,7 @@ public void ConfigureServices(IServiceCollection services)
}
```
::: moniker-end
### Add a generic claim check
If the claim value isn't a single value or a transformation is required, use [RequireAssertion](/dotnet/api/microsoft.aspnetcore.authorization.authorizationpolicybuilder.requireassertion). For more information, see [Using a func to fulfill a policy](xref:security/authorization/policies#using-a-func-to-fulfill-a-policy).