Custom authorize attribute in ASP.NET MVC Web API
I want to create my own custom authorization in a Web API controller that checks the user's role and whether that user is active. This is my code so far; I don't yet know what to override in it or how. Thank you very much for your help.
    using Avanza.Conference.Persistence;
    using System.Net;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;

    namespace Avanza.Conference.Core.Extensions
    {
        public class CustomAuthorizeAttribute : AuthorizeAttribute
        {
            ApplicationDbContext _context = new ApplicationDbContext(); // my entity

            public override void OnAuthorization(HttpActionContext actionContext)
            {
                //Sample on what to do here??
                if (AuthorizeRequest(actionContext))
                {
                    return;
                }
                HandleUnauthorizedRequest(actionContext);
            }

            protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
            {
                //Code to handle unauthorized request
                var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
                throw new HttpResponseException(challengeMessage);
            }

            private bool AuthorizeRequest(HttpActionContext actionContext)
            {
                //Sample on what to do here??
                return true;
            }
        }
    }
Here is the example you need. It checks that the request carries an authenticationToken and only then lets the request execute. At this point you can also check whether your session is available, to see whether the user is logged in.
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net;
    using System.Net.Http;
    using System.Web;
    public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
    {
        public override void OnAuthorization(
            System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);
            // Headers.GetValues throws when the header is missing; TryGetValues does not.
            IEnumerable<string> values;
            if (actionContext.Request.Headers.TryGetValues("authenticationToken", out values))
            {
                string authenticationToken = Convert.ToString(values.FirstOrDefault());
                // authenticationTokenPersistant is saved in some data store;
                // i will compare the authenticationToken sent by client with the
                // authenticationToken persisted in database against specific user, and act accordingly
                string authenticationTokenPersistant = LoadPersistedToken();
                if (authenticationTokenPersistant != authenticationToken)
                {
                    HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
                    HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                    return;
                }
                HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
                return;
            }
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
            actionContext.Response.ReasonPhrase = "Please provide valid inputs";
        }
        // Placeholder for the data-store lookup left unspecified above; null never matches a sent token.
        private static string LoadPersistedToken() { return null; }
    }

    // Alternative shape (a separate snippet, so it reuses the class name): the attribute takes a resource and an action.
    public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
    {
        private string Resource { get; set; }
        private string Action { get; set; }
        public CustomAuthorize(string resource, string action)
        {
            Resource = resource;
            Action = action;
        }
        public override void OnAuthorization(
            System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);
            // Check your post authorization logic using Resource and Action
            // Your logic here to return authorize or unauthorized response
        }
    }
I am looking for authorization rather than authentication, but thank you for your help anyway.
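The role-plus-active-user check the question asks for, as an added example that is not code from the question, the answer, or the Avanza.Conference project. It assumes Web API 2 and a hypothetical IUserStatusLookup behind which the question's ApplicationDbContext would sit; unlike the answer it overrides IsAuthorized, the hook intended for the authorization decision the comment distinguishes from authentication, and answers an authenticated caller that lacks the role with 403 instead of a 401 challenge.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
namespace Avanza.Conference.Core.Extensions
{
    // Hypothetical lookup over the user store (the question's ApplicationDbContext would sit
    // behind it). Filter attribute instances are cached and shared, so no DbContext field here.
    public interface IUserStatusLookup
    {
        bool IsActive(string userName);
    }

    public class ActiveRoleAuthorizeAttribute : AuthorizeAttribute
    {
        // Configured once at startup; assumed wiring, not part of the question's project.
        public static Func<IUserStatusLookup> LookupFactory;
        // IsAuthorized is the authorization hook; the principal was already set by authentication.
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            var principal = actionContext.RequestContext.Principal;
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
                return false; // not authenticated: falls through to the 401 challenge below
            // Roles comes from the usage site, e.g. [ActiveRoleAuthorize(Roles = "Admin,Organizer")]
            var required = (Roles ?? "").Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToList();
            if (required.Count > 0 && !required.Any(principal.IsInRole))
                return false;

            if (LookupFactory == null)
                throw new InvalidOperationException("LookupFactory has not been configured");
            return LookupFactory().IsActive(principal.Identity.Name); // deactivated users are refused
        }

        // Authenticated but not permitted is 403; only an unauthenticated caller gets the 401 challenge.
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            var identity = actionContext.RequestContext.Principal?.Identity;
            if (identity != null && identity.IsAuthenticated)
            {
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.Forbidden, "Required role missing or account deactivated");
                return;
            }
            base.HandleUnauthorizedRequest(actionContext);
        }
    }
}
```

Apply it to an action or controller as [ActiveRoleAuthorize(Roles = "Admin")]; with no Roles set it still refuses unauthenticated and deactivated users.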