Sunday, January 3, 2021

Custom Authorization (Restriction)

I want to create a custom authorization that takes BranchId, StaffId and RoleId. A staff member can only be allowed to view his own branch when logging in to the application, because the branchId is part of the added staff URL.

I managed to get the id from the URL and passed it to a string, but I can't figure out how to use this id to check the branch id of the current user and then check whether the staff member should be on the branch, and in what role, before allowing access.

Here is my example. I am new to .NET. How can I write such a method?

    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                         RestrictViewRequirement requirement)
    {
        int? branchId = null;

        if (context.Resource is AuthorizationFilterContext authContext)
        {
            var tmp = authContext.HttpContext.Request.Query["branchId"].ToString();

            if (!string.IsNullOrEmpty(tmp))
            {
                branchId = int.Parse(tmp);
            }
        }
    }
https://stackoverflow.com/questions/65548767/custom-authorization-restriction January 03, 2021 at 06:25PM
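
One way to finish the check described in the question, as an added example that is not part of the original post: the handler compares the client-supplied branchId with the branch bound to the signed-in user and then checks the role. The "BranchId" claim name, the AllowedRoles property, the "Manager" role and the policy name are assumptions, and the request is read through IHttpContextAccessor instead of context.Resource.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;

// Hypothetical requirement shape: the roles allowed to view a branch.
public class RestrictViewRequirement : IAuthorizationRequirement
{
    public RestrictViewRequirement(params string[] allowedRoles) => AllowedRoles = allowedRoles;
    public string[] AllowedRoles { get; }
}

public class RestrictViewHandler : AuthorizationHandler<RestrictViewRequirement>
{
    private readonly IHttpContextAccessor _http;
    public RestrictViewHandler(IHttpContextAccessor http) => _http = http;

    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, RestrictViewRequirement requirement)
    {
        // branchId in the URL is client-controlled: parse it defensively.
        var raw = _http.HttpContext?.Request.Query["branchId"].ToString();
        if (!int.TryParse(raw, out var requestedBranch))
            return Task.CompletedTask; // Succeed() is never called, so access is denied

        // The user's own branch comes from a claim issued at login
        // (assumed claim name "BranchId"), never from the request.
        var claim = context.User.FindFirst("BranchId")?.Value;
        if (!int.TryParse(claim, out var staffBranch) || staffBranch != requestedBranch)
            return Task.CompletedTask;

        // Same branch: succeed only if the user holds one of the allowed roles.
        foreach (var role in requirement.AllowedRoles)
        {
            if (context.User.IsInRole(role))
            {
                context.Succeed(requirement);
                break;
            }
        }
        return Task.CompletedTask;
    }
}

// Registration in ConfigureServices (policy and role names are assumptions):
//   services.AddHttpContextAccessor();
//   services.AddScoped<IAuthorizationHandler, RestrictViewHandler>();
//   services.AddAuthorization(o => o.AddPolicy("RestrictView",
//       p => p.Requirements.Add(new RestrictViewRequirement("Manager"))));
```

Apply the policy with `[Authorize(Policy = "RestrictView")]` on the branch actions. If branch membership is stored in a database rather than a claim, look it up by the authenticated user's id inside the handler instead of trusting any id sent in the request.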
