{"id":31598213,"url":"https://github.com/sangyuxiaowu/sang.aspnetcore.rolebasedauthorization","last_synced_at":"2025-10-06T05:37:40.121Z","repository":{"id":61635486,"uuid":"548435022","full_name":"sangyuxiaowu/Sang.AspNetCore.RoleBasedAuthorization","owner":"sangyuxiaowu","description":"AspNet Web API Role-Based Authorization. RBAC 权限管理","archived":false,"fork":false,"pushed_at":"2025-04-15T10:06:51.000Z","size":62,"stargazers_count":11,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-05T04:19:19.532Z","etag":null,"topics":["authorization","dotnet","net6","rbac"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sangyuxiaowu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-10-09T15:06:03.000Z","updated_at":"2025-04-24T08:49:43.000Z","dependencies_parsed_at":"2025-04-16T08:16:05.391Z","dependency_job_id":null,"html_url":"https://github.com/sangyuxiaowu/Sang.AspNetCore.RoleBasedAuthorization","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/sangyuxiaowu/Sang.AspNetCore.RoleBasedAuthorization","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sangyuxiaowu%2FSang.AspNetCore.RoleBasedAuthorization","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sangyuxiaowu%2FSang.AspNetCore.RoleBasedAuthorization/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s
angyuxiaowu%2FSang.AspNetCore.RoleBasedAuthorization/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sangyuxiaowu%2FSang.AspNetCore.RoleBasedAuthorization/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sangyuxiaowu","download_url":"https://codeload.github.com/sangyuxiaowu/Sang.AspNetCore.RoleBasedAuthorization/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sangyuxiaowu%2FSang.AspNetCore.RoleBasedAuthorization/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278562468,"owners_count":26007194,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization","dotnet","net6","rbac"],"created_at":"2025-10-06T05:37:37.538Z","updated_at":"2025-10-06T05:37:40.115Z","avatar_url":"https://github.com/sangyuxiaowu.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sang.AspNetCore.RoleBasedAuthorization\n\n[![NuGet version (Sang.AspNetCore.RoleBasedAuthorization)](https://img.shields.io/nuget/v/Sang.AspNetCore.RoleBasedAuthorization.svg?style=flat-square)](https://www.nuget.org/packages/Sang.AspNetCore.RoleBasedAuthorization/)\n\nRole-Based Authorization for ASP.NET\n\nASP.NET RBAC permission management\n\n## Instructions:\n\n##### 
Step 1\n\nAdd this package.\n\n```powershell\nInstall-Package Sang.AspNetCore.RoleBasedAuthorization\n```\n\n##### Step 2\n\nAdd the RBAC services.\n\n```csharp\nbuilder.Services.AddSangRoleBasedAuthorization();\n```\n\n##### Step 3\n\nAdd the `ResourceAttribute` to each action (API endpoint) or controller that requires an authorization check.\n\n```csharp\n[Resource(\"资源\")]\n[Route(\"api/[controller]\")]\n[ApiController]\npublic class RolesController : ControllerBase\n{\n}\n```\n\n```csharp\n/// \u003csummary\u003e\n/// Delete - value\n/// \u003c/summary\u003e\n/// \u003cparam name=\"id\"\u003e\u003c/param\u003e\n[Resource(\"删除-数值\")] //[Resource(\"删除\", Action = \"数值\")]\n[HttpDelete(\"{id}\")]\npublic IActionResult Delete(int id)\n{\n    return Ok(\"删除-数值\");\n}\n```\n\n##### Step 4\n\nOnce the steps above are complete, the authorization check verifies that `User.Claims` contains the corresponding `Permission`.\nYou need to add the corresponding `Claims` for the user; they can be included directly when generating the JWT.\nAlternatively, use middleware to read the user's role and add the claims before the authorization check runs.\nYou can implement this yourself or use the provided functionality described in the next section.\n\n```csharp\nusing System.IdentityModel.Tokens.Jwt;\nusing System.Security.Claims;\n\nvar claims = new List\u003cClaim\u003e\n{\n    new Claim(ClaimTypes.NameIdentifier, \"uid\"),\n    new Claim(ClaimTypes.Name,\"用户名\"),\n    new Claim(ClaimTypes.Email,\"test@exp.com\"),\n    new Claim(ClaimTypes.Role, \"user\"),\n    // Permission claim evaluated by the authorization check\n    new Claim(ResourceClaimTypes.Permission,\"查询\"),\n};\n// `credentials` is the application's SigningCredentials, defined elsewhere\nvar token = new JwtSecurityToken(\n        \"Issuer\",\n        \"Audience\",\n        claims,\n        expires: DateTime.UtcNow.AddSeconds(3600),\n        signingCredentials: credentials\n    );\n```\n\n\u003e Note: If the role is named `SangRBAC_Administrator`, no 
authorization check will be done.\n\n## Optional Features\n\nUse the provided middleware for adding role permissions. You can also use this component on its own.\n\n##### Step 1\n\nImplement `IRolePermission` to return the list of permission claims for a given role name.\n\n```csharp\npublic class MyRolePermission : IRolePermission\n{\n    public Task\u003cList\u003cClaim\u003e\u003e GetRolePermissionClaimsByName(string roleName)\n    {\n        List\u003cClaim\u003e list = new();\n        // your code: load the permission claims for roleName\n        return Task.FromResult(list);\n    }\n}\n```\n\nThen register the service.\n\n```csharp\nbuilder.Services.AddRolePermission\u003cMyRolePermission\u003e();\n```\n\n##### Step 2\n\nEnable this middleware after `app.UseAuthentication();` and before `app.UseAuthorization();`.\n\n```csharp\napp.UseAuthentication();\napp.UseRolePermission();\napp.UseAuthorization();\n```\n\n##### Option\n\nOptions for `UseRolePermission`:\n\n**1. option.UserAdministratorRoleName:**\n\nSets a custom role that has the same built-in super administrator privileges as `SangRBAC_Administrator`.\n\n**2. option.Always:**\n\nWhether to always check and add the permissions. 
By default, the middleware adds permissions only when the request requires permission verification, that is, when the target carries a `ResourceAttribute`.\n\n## Demo\n\n- Simple Demo https://github.com/sangyuxiaowu/Sang.AspNetCore.RoleBasedAuthorization/tree/main/TestDemo\n- Usage with Identity https://github.com/sangyuxiaowu/IdentityRBAC","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsangyuxiaowu%2Fsang.aspnetcore.rolebasedauthorization","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsangyuxiaowu%2Fsang.aspnetcore.rolebasedauthorization","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsangyuxiaowu%2Fsang.aspnetcore.rolebasedauthorization/lists"}