.NET Core: implementing simple RBAC permission filtering with an ASP.NET Core ActionFilter
Posted by 厦门德仔
Following this blogger's post, https://www.cnblogs.com/fonour/p/5848933.html, I built a simple RBAC permission management system. That article does not cover filtering on the permissions, though: typing a URL directly still reaches functionality the user was never granted. Having just learned about filters, here is a simple implementation.
First, based on the MenuAppService in that post, write a function that returns all menus and buttons granted to a user:
```csharp
/// <summary>
/// Get the function menus (menus and buttons) granted to a user
/// </summary>
/// <param name="userId">user ID</param>
/// <returns></returns>
public List<MenuDto> GetFunctsByUser(Guid userId)
{
    List<MenuDto> result = new List<MenuDto>();
    var allMenus = _menuRepository.GetAllList().OrderBy(it => it.SerialNumber);
    // Guid.Empty is the super administrator and receives every menu; any session whose
    // user ID is the empty GUID is therefore treated as fully privileged
    if (userId == Guid.Empty)
        return Mapper.Map<List<MenuDto>>(allMenus);
    var user = _userRepository.GetWithRoles(userId);
    if (user == null)
        return result;
    var userRoles = user.UserRoles;
    // union of the menu IDs granted to each of the user's roles
    List<Guid> menuIds = new List<Guid>();
    foreach (var role in userRoles)
        menuIds = menuIds.Union(_roleRepository.GetAllMenuListByRole(role.RoleId)).ToList();
    allMenus = allMenus.Where(it => menuIds.Contains(it.Id)).OrderBy(it => it.SerialNumber);
    return Mapper.Map<List<MenuDto>>(allMenus);
}
```
Next, write an ActionFilter that decides, from the current route data and the current user's ID, whether the request is authorized:
```csharp
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using RBACCore.Application.MenuApp;
using RBACCore.Utility;

namespace RBACCore.MVC.Filters
{
    public class PermissionFilter : IActionFilter
    {
        private readonly IMenuAppService menuService;

        public PermissionFilter(IMenuAppService menuAppService)
        {
            menuService = menuAppService;
        }

        public void OnActionExecuted(ActionExecutedContext context)
        {
        }

        public void OnActionExecuting(ActionExecutingContext context)
        {
            // get the current user from the session
            byte[] result;
            context.HttpContext.Session.TryGetValue("CurrentUser", out result);
            // not logged in: redirect to the login page
            if (result == null)
            {
                context.Result = new RedirectResult("/Login/Index");
                return;
            }

            // current area, controller and action names
            var routedata = context.RouteData;
            var areaName = routedata.Values["area"];
            var controllerName = routedata.Values["controller"].ToString();
            var actionName = routedata.Values["action"].ToString();

            var curruser = ByteConvertHelper.Bytes2Object<Domain.Entities.User>(result);
            // the null check must come before curruser.Id is read
            if (curruser == null)
            {
                context.Result = new RedirectResult("/Login/Index");
                return;
            }
            var allmenus = menuService.GetFunctsByUser(curruser.Id);

            // the Home controller is open to every logged-in user
            if (areaName == null && controllerName == "Home")
                return;

            bool authoried = false;
            foreach (var item in allmenus)
            {
                // substring match: the controller and action names only have to appear, in that
                // order, somewhere in the menu URL. This is loose: "User" also matches "UserRole",
                // "Index" also matches "IndexAll"
                var url = item.Url.ToLower();
                var controllerIndex = url.IndexOf(controllerName.ToLower());
                var actionIndex = url.IndexOf(actionName.ToLower());
                if (areaName == null)
                {
                    if (controllerIndex > -1 && actionIndex > -1 && actionIndex > controllerIndex)
                    {
                        authoried = true;
                        break;
                    }
                }
                else
                {
                    var areaIndex = url.IndexOf(areaName.ToString().ToLower());
                    // area before controller, controller before action
                    if (areaIndex > -1 && controllerIndex > -1 && actionIndex > -1
                        && controllerIndex > areaIndex && actionIndex > controllerIndex)
                    {
                        authoried = true;
                        break;
                    }
                }
            }

            if (authoried == false)
            {
                context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
                return;
            }
        }
    }
}
```
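The substring comparison in the filter is the weak point: a menu entry authorizes any request whose controller and action names merely occur inside its URL in the right order. The following added example (not code from the original post) puts that check next to an exact segment-by-segment comparison. It is a plain console program with no ASP.NET Core dependency, so it runs with `dotnet run`; the menu URLs `/Report/ExportDetail` and `/Admin/Log/Index`, and the requested routes, are constructed for the demonstration. The `SegmentAuthorized` logic is what I would put in place of the `foreach` in `OnActionExecuting`, passing `routedata.Values["area"]?.ToString()` as the area.

```csharp
// Added example, not from the original post: exact route-segment matching next to the
// substring check used by PermissionFilter. Menu URLs and requests below are constructed.
using System;
using System.Collections.Generic;
using System.Linq;

public static class RouteMatch
{
    // Mirrors the filter's non-area branch: controller and action only have to occur
    // somewhere in the menu URL, with the action after the controller.
    public static bool SubstringAuthorized(IEnumerable<string> menuUrls, string controller, string action)
    {
        foreach (var menuUrl in menuUrls)
        {
            var url = menuUrl.ToLowerInvariant();
            int c = url.IndexOf(controller.ToLowerInvariant(), StringComparison.Ordinal);
            int a = url.IndexOf(action.ToLowerInvariant(), StringComparison.Ordinal);
            if (c > -1 && a > -1 && a > c) return true;
        }
        return false;
    }

    // Split "/area/controller/action" into lower-cased path segments. The query string is
    // dropped and empty segments (leading or trailing slash) are ignored.
    public static string[] Segments(string url)
    {
        var path = url.Split('?')[0];
        return path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries)
                   .Select(s => s.ToLowerInvariant())
                   .ToArray();
    }

    // Hardened check: the requested [area/]controller/action must equal one menu URL
    // segment for segment. With no area the menu URL must have exactly two segments, so an
    // Admin-area entry can no longer authorize a root-level controller of the same name.
    public static bool SegmentAuthorized(IEnumerable<string> menuUrls, string area, string controller, string action)
    {
        var wanted = new List<string>();
        if (!string.IsNullOrEmpty(area)) wanted.Add(area.ToLowerInvariant());
        wanted.Add(controller.ToLowerInvariant());
        wanted.Add(action.ToLowerInvariant());
        return menuUrls.Any(u => Segments(u).SequenceEqual(wanted));
    }

    public static void Main()
    {
        // Constructed grant list for one user: export a single detail report, and view logs
        // inside the Admin area.
        var menus = new[] { "/Report/ExportDetail", "/Admin/Log/Index" };

        // Neither of these routes is in the grant list: "export" is a prefix of
        // "exportdetail", and "log"/"index" both sit inside the Admin-area URL even
        // though the request names no area.
        Console.WriteLine("substring  Report/Export    : " + SubstringAuthorized(menus, "Report", "Export"));
        Console.WriteLine("substring  Log/Index        : " + SubstringAuthorized(menus, "Log", "Index"));

        // Segment comparison accepts only the routes that were actually granted.
        Console.WriteLine("segments   Report/Export    : " + SegmentAuthorized(menus, null, "Report", "Export"));
        Console.WriteLine("segments   Log/Index        : " + SegmentAuthorized(menus, null, "Log", "Index"));
        Console.WriteLine("segments   Report/ExportDetail: " + SegmentAuthorized(menus, null, "Report", "ExportDetail"));
        Console.WriteLine("segments   Admin/Log/Index  : " + SegmentAuthorized(menus, "Admin", "Log", "Index"));
    }
}
```

Run against the constructed grant list, the substring check accepts both `Report/Export` and the area-less `Log/Index`, while the segment comparison rejects them and accepts only `Report/ExportDetail` and `Admin/Log/Index`. Both sides are lower-cased with an ordinal comparison because route values keep whatever casing the URL was typed with.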
Because the filter above needs a service injected, it cannot be placed on the base controller as a plain attribute; use TypeFilter, which constructs the filter through dependency injection, instead. Note that this only covers controllers that derive from the base class below; a controller that does not inherit it is not checked at all.
```csharp
[TypeFilter(typeof(PermissionFilter))]
public abstract class AlexBaseController : Controller
{
    /// <summary>
    /// Get the first server-side validation error message
    /// </summary>
    /// <returns></returns>
    public string GetModelStateError()
    {
        foreach (var item in ModelState.Values)
        {
            if (item.Errors.Count > 0)
                return item.Errors[0].ErrorMessage;
        }
        return "";
    }
}
```
Function permissions are then defined on the menu page by writing each URL in the default area/controller/action route form. This is a limitation: only the default route is handled; to be revised later.