asp.net-core - 在 Hot Chocolate 中使用授权时不会调用 HandleRequirementAsync

Question

你好，

我正在尝试在 Hot Chocolate 中实现基于策略的授权 graphql服务器。
我在看他们的documentation并引用 Microsoft's guide

我想要达到的目标

我想要那个 HandleRequirementAsync()每当 User query 时都会被调用正在被调用。

我所做的

我注册授权和User Policy在 ConfigureServices

        public void ConfigureServices(IServiceCollection services)
        {
            services.AddHttpContextAccessor();
            services.AddAuthorization(options =>
            {
                options.AddPolicy("UserPolicy",
                policy => policy.Requirements.Add(new UserRequirement()));
            });


            services.AddSingleton<Query>();

            services.AddSingleton<IAuthorizationHandler, UserAuthorizationHandler>();

            services.AddSingleton(typeof(IUserRepo), typeof(UserRepo));
            services.AddSingleton(typeof(IBookRepository), typeof(BookRepository));

            services.AddGraphQL(
                SchemaBuilder.New()
                    .AddAuthorizeDirectiveType()
                    .AddType<UserType>()
                    .AddType<BookType>()
                    .AddQueryType<Query>());
        }

我有 User requirement class和 handler

 public class UserAuthorizationHandler : AuthorizationHandler<UserRequirement, IResolverContext>
    {
        private IHttpContextAccessor _accessor;

        public UserAuthorizationHandler([Service] IHttpContextAccessor accessor)
        {
            _accessor = accessor;
        }

        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UserRequirement requirement,
            IResolverContext resource)
        {
            context.Succeed(requirement);
            return Task.CompletedTask;
        }
    }

    public class UserRequirement : IAuthorizationRequirement
    {
    }

我声明了一个字段需要策略授权。

    public class UserType
        : ObjectType<User>
    {
        protected override void Configure(IObjectTypeDescriptor<User> descriptor)
        {
            descriptor.Field(t => t.Name).Type<NonNullType<StringType>>().Authorize("UserPolicy");
            descriptor.Field(t => t.Id).Type<NonNullType<StringType>>();
        }
    }

问题

运行此代码时。我希望HandleRequirementAsync将被调用。这种方法应该总是成功的。但是，当请求用户时。实际发生的是该方法没有被调用，并且请求立即被拒绝，并给出以下响应:

{
  "errors": [
    {
      "message": "The current user is not authorized to access this resource.",
      "locations": [
        {
          "line": 3,
          "column": 5
        }
      ],
      "path": [
        "user",
        "name"
      ],
      "extensions": {
        "code": "AUTH_NOT_AUTHENTICATED"
      }
    }
  ]
}

Answer 1

我只是有一个类似的问题。就我而言，我必须确保在

        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)

我有

app.UseAuthentication();
app.UseAuthorization();

首先和然后

app.UseWebSockets()
                .UseGraphQL("/graphql")
                .UsePlayground("/graphql")
                .UseVoyager("/graphql");