-
Notifications
You must be signed in to change notification settings - Fork 1
Tutorial:Authority verification logic
Psyche edited this page Oct 22, 2020
·
3 revisions
In this chapter, you will learn:
- authorization process
- authorization services work
ClientRequest -> AuthMiddleware -> AuthHandler -> Response auth result
- Request first go in middleware call "CheckAuthorization" method.
- In "CheckAuthorization" method extract the credentials at the location you defined.The credential location is Query/Header/Cookie.
- Check your defined authorization source sequence.Once the source returns the authorization status, the remaining sources will not be executed.
Default sequence:
AuthCenter -> Cache -> Database -> Default(Attribute)
- You need to define your own AuthHandler.You can define the "Cahce" and "Database" authorization behavior in the sequence.
- If your AuthHanler returns true, then your business code will execute normally.If false you need keep looking.
- In "AuthOptions.NonAccessParm" you can define no access time response code,response ContentType and response body.
Default http response:
Http Code: 200
Body:
{
"status":403,
"msg":"No permission"
}