目录

• 开发任务
• 代码实现

开发任务

• DotNetNB.Security.Core：定义 core，models，Istore；实现 default memory store
• DotNetNB.WebApplication：创建 ResourceController 和 PermissionController 进行验证

代码实现

• ResourceController
• PermissionController

ResourceController

创建 ResourceController，通过 ResourceManager 获取所有 Resource

using DotNetNB.Security.Core;using Microsoft.AspNetCore.Mvc;namespace DotNetNB.WebApplication.Controllers{[ApiController][Route("[controller]")]public class ResourceController : ControllerBase{private readonly IResourceManager _resourceManager;public ResourceController(IResourceManager resourceManager){_resourceManager = resourceManager;}[HttpGet][Route("")]public async Task<IActionResult> GetAll(){return Ok(await _resourceManager.GetAllAsync());}}}

在 Program 中先将 AddEntityAccessControl 进行注释

builder.Services.AddSecurity(options =>{options.AddActionAccessControl();//.AddEntityAccessControl();});

在 ServiceCollectionExtensions 的扩展方法 AddSecurity 中创建 option，并调用，同时注入 Store 和 Manager

using DotNetNB.Security.Core.Store;using Microsoft.Extensions.DependencyInjection;namespace DotNetNB.Security.Core.Extensions{public static class ServiceCollectionExtensions{public static IServiceCollection AddSecurity(this IServiceCollection services, Action<SecurityOption>? configure){var option = new SecurityOption { Services = services };configure?.Invoke(option);services.AddSingleton<IResourceStore, DefaultResourceStore>().AddSingleton<IPermissionStore, DefaultPermissionStore>().AddScoped<IResourceManager, ResourceManager>().AddScoped<IPermissionManager, PermissionManager>().AddHostedService<ResourceProviderHostedService>();return services;}}}

在 ResourceProviderHostedService 的 StartAsync 方法中将 host 启动时的所有 action 注入进来

using DotNetNB.Security.Core.Models;using Microsoft.Extensions.DependencyInjection;using Microsoft.Extensions.Hosting;namespace DotNetNB.Security.Core{public class ResourceProviderHostedService : IHostedService{private readonly IServiceProvider _serviceProvider;public ResourceProviderHostedService(IServiceProvider serviceProvider){_serviceProvider = serviceProvider;}public async Task StartAsync(CancellationToken cancellationToken){using var scope = _serviceProvider.CreateScope();var providers = scope.ServiceProvider.GetServices<IResourceProvider>();var resourceManager = scope.ServiceProvider.GetService<IResourceManager>();var resources = new List<Resource>();foreach (var provider in providers){resources.AddRange(await provider.ExecuteAsync());}await resourceManager.CreateAsync(resources);}public async Task StopAsync(CancellationToken cancellationToken){}}}

设置 DotNetNB.WebApplication 为启动项，启动项目，可以通过接口看到 action 相关信息

图片001

PermissionController

创建 PermissionController，通过 PermissionManager 获取所有 Permission

using DotNetNB.Security.Core;using Microsoft.AspNetCore.Mvc;namespace DotNetNB.WebApplication.Controllers{[ApiController][Route("[controller]")]public class PermissionController : ControllerBase{private readonly IPermissionManager _permissionManager;public PermissionController(IPermissionManager permissionManager){_permissionManager = permissionManager;}[HttpGet]public async Task<IActionResult> GetAll(){return Ok(await _permissionManager.GetAllAsync());}}}

创建 dto 对象 CreatePermissionRequest

namespace DotNetNB.WebApplication.ViewModels{public class CreatePermissionRequest{public string Key { get; set; }public string DisplayName { get; set; }public string Description { get; set; }public IEnumerable<string> resources { get; set; }}}

在 PermissionController 中添加创建 Permission 的接口

[HttpPost]public async Task<IActionResult> Create([FromBody] CreatePermissionRequest request){await _permissionManager.CreateAsync(request.Key, request.DisplayName, request.Description, request.resources);return Ok();}

在 Program 中将我们的 Permission 模块添加到 Identity 模块上，相当于一个桥接

builder.Services.AddIdentity<IdentityUser<string>, IdentityRole<string>>().WithPermissions<IdentityUser<string>, IdentityRole<string>>();

GitHub源码链接：

https://github.com/MingsonZheng/dotnetnb.security

课程链接

https://appsqsyiqlk5791.h5.xiaoeknow.com/v1/course/video/v_5f39bdb8e4b01187873136cf?type=2

本作品采用知识共享署名-非商业性使用-相同方式共享 4.0 国际许可协议进行许可。

欢迎转载、使用、重新发布，但务必保留文章署名 郑子铭 （包含链接： http://www.cnblogs.com/MingsonZheng/ ），不得用于商业目的，基于本文修改后的作品务必以相同的许可发布。

如有任何疑问，请与我联系 (MingsonZheng@outlook.com) 。