Custom authorize attribute in ASP.NET MVC Web API


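I want to create my own custom authorization in a Web API controller to check the user's role as well as the identity of the active user. This is my code so far, and I still don't know how/what to override in this code. Thanks, I really appreciate your help.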

using Avanza.Conference.Persistence;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace Avanza.Conference.Core.Extensions
{
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        ApplicationDbContext _context = new ApplicationDbContext(); // my entity  

        public override void OnAuthorization(HttpActionContext actionContext)
        {

            //Sample on what to do here??
            if (AuthorizeRequest(actionContext))
            {

                return;

            }

            HandleUnauthorizedRequest(actionContext);

        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {

            //Code to handle unauthorized request
            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);

        }

        private bool AuthorizeRequest(HttpActionContext actionContext)
        {

            //Sample on what to do here??

            return true;

        }

    }
}

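Here is the sample you need. It checks that the request contains an authenticationToken and only then allows the request to execute. You can check here whether your session is available, to check whether the user is logged in.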

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    private string Resource { get; set; }
    private string Action { get; set; }

    public CustomAuthorize(string resource, string action)
    {
        Resource = resource;
        Action = action;
    }

    public override void OnAuthorization(
        System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);

        // TryGetValues is used because Headers.GetValues throws when the header is absent.
        IEnumerable<string> tokenValues;
        if (actionContext.Request.Headers.TryGetValues("authenticationToken", out tokenValues))
        {
            string authenticationToken = Convert.ToString(tokenValues.FirstOrDefault());
            // authenticationTokenPersistant
            // it is saved in some data store
            // i will compare the authenticationToken sent by client with
            // authenticationToken persist in database against specific user, and act accordingly
            // Placeholder: load the stored token here. While it stays null, every request is refused.
            string authenticationTokenPersistant = null;
            if (authenticationTokenPersistant != authenticationToken)
            {
                HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                return;
            }

            // Check your post authorization logic using Resource and Action
            // Your logic here to return authorize or unauthorized response
            HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
            HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
            return;
        }

        actionContext.Response =
            actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
        actionContext.Response.ReasonPhrase = "Please provide valid inputs";
    }
}

I'm looking for authorization rather than authentication, but thanks for your help anyway.
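
The role-plus-active-user check the question asks about, as an added example that is not code from either poster: it overrides `IsAuthorized` so the built-in `Roles` check still runs, then refuses accounts that are no longer active. `IUserStatusStore`, `StoreFactory` and `ActiveUserAuthorizeAttribute` are hypothetical names, and the store is assumed to be backed by the application's own user table.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical lookup: true only when the named account exists and is active.
public interface IUserStatusStore
{
    bool IsActive(string userName);
}

// Usage: [ActiveUserAuthorize(Roles = "Admin")] on a controller or action.
public class ActiveUserAuthorizeAttribute : AuthorizeAttribute
{
    // Assumption: set once at startup to return a fresh store per call.
    // Web API reuses attribute instances across requests, so a DbContext
    // must not be held in a field of the attribute.
    public static Func<IUserStatusStore> StoreFactory = () => null;

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Base check: authenticated, and matches Users/Roles set on the attribute.
        if (!base.IsAuthorized(actionContext))
            return false;

        IPrincipal principal = actionContext.RequestContext.Principal;
        IUserStatusStore store = StoreFactory();

        // Fail closed: no store configured or inactive account means no access.
        return store != null && store.IsActive(principal.Identity.Name);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        IPrincipal principal = actionContext.RequestContext.Principal;
        bool authenticated = principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated;

        // 401 when the caller has no identity; 403 when the identity is known
        // but the role or active-status check failed.
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            authenticated ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized,
            "Access denied.");
    }
}
```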