Security » Authorization » 介绍

Introduction¶ 介绍

77 of 87 people found this helpful

Authorization refers to the process that determines what a user is able to do. For example user Adam may be able to create a document library, add documents, edit documents and delete them. User Bob may only be authorized to read documents in a single library.

授权指的是确定一个用户可以做什么的过程。例如用户Adam可以新建文档库、添加文档、编辑文档以及删除。用户Bob只能被授权在某一个库中阅读文档。

Authorization is orthogonal and independent from authentication, which is the process of ascertaining who a user is. Authentication may create one or more identities for the current user.

授权是与身份验证正交并且独立的。身份验证是确认一个用户是谁的过程。身份验证可以为当前用户创建一个或多个身份。

Authorization Types¶ 授权类型

In ASP.NET Core authorization now provides simple declarative role and a richer policy based model where authorization is expressed in requirements and handlers evaluate a users claims against requirements. Imperative checks can be based on simple policies or polices which evaluate both the user identity and properties of the resource that the user is attempting to access.

在ASP.NET Core中，授权提供了基于简单声明角色和基于复杂策略的模型，在该模型中，授权表示按用户声明和请求来评估用户。必要的检查可基于简单的策略，或者同时检查试图连接资源所需的用户身份和属性。

Namespaces¶ 命名空间

Authorization components, including the AuthorizeAttribute and AllowAnonymousAttribute attributes are found in the Microsoft.AspNetCore.Authorization namespace.

授权包括AuthorizeAttribute和AllowAnonymousAttribute属性，可在Microsoft.AspNetCore.Authorization命名空间中找到。