
C# 基于授权的ASP.NETWebAPI帮助页

C# 基于授权的ASP.NETWebAPI帮助页,c#,asp.net,asp.net-web-api,C#,Asp.net,Asp.net Web Api,我在Windows身份验证背后使用ASP.Net Web API,并使用[Authorize]属性指定用户有权访问哪些控制器和函数。这很有效。问题是,我希望帮助区域只反映用户被授予的访问权限。好奇是否有人以某种方式实现了这一点。这是在控制器、应用程序启动或帮助控制器级别完成的 先谢谢你 我的一个控制器的代码段 [Authorize] public class TaktTimeController : ApiController { private BIDataContainer db =

我在Windows身份验证背后使用ASP.Net Web API,并使用[Authorize]属性指定用户有权访问哪些控制器和函数。这很有效。问题是,我希望帮助区域只反映用户被授予的访问权限。好奇是否有人以某种方式实现了这一点。这应该在控制器、应用程序启动还是帮助控制器级别完成？

先谢谢你

我的一个控制器的代码段

[Authorize]
public class TaktTimeController : ApiController
{
    // Data context shared by every action of this controller.
    // NOTE(review): nothing in the visible part of the class disposes it — confirm an
    // override of ApiController.Dispose(bool) exists further down, or each request leaks a context.
    private BIDataContainer db = new BIDataContainer();

    // GET api/TaktTime
    /// <summary>
    /// Exposes the whole TaktTimes set as a deferred query; the controller-level [Authorize]
    /// requires an authenticated caller and this action additionally requires the "Admins" role.
    /// </summary>
    /// <returns>The TaktTimes query, not yet executed.</returns>
    [Authorize(Roles="Admins")]
    public IQueryable<TaktTime> GetTaktTimes() => db.TaktTimes;

    // GET api/TaktTime/5
    /// <summary>
    /// Looks up a single TaktTime by key. Restricted to the "Admins" role on top of the
    /// controller-level [Authorize].
    /// </summary>
    /// <param name="id">Key of the record to fetch (assumed to be the entity's primary key — confirm in BIDataContainer).</param>
    /// <returns>200 with the entity when found, otherwise 404.</returns>
    [ResponseType(typeof(TaktTime))]
    [Authorize(Roles = "Admins")]
    public IHttpActionResult GetTaktTime(string id)
    {
        // Find(id) is a keyed lookup, so the caller-supplied id is never spliced into query text.
        var match = db.TaktTimes.Find(id);
        if (match != null)
        {
            return Ok(match);
        }

        return NotFound();
    }
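/// <summary>
/// Returns role-specific text for the current principal. The checks run in order, so a
/// principal in both roles receives the admin text.
/// </summary>
/// <returns>The text for the first matching role, or an empty string when the user is in neither.</returns>
public string Get()
{
    // How IsInRole matches names (e.g. case sensitivity) depends on the IPrincipal behind User;
    // note these role names ("admin"/"user") differ from the "Admins" used in [Authorize] above.
    if (User.IsInRole("admin"))
    {
        return "Text for admin";
    }

    if (User.IsInRole("user"))
    {
        return "Text for user";
    }

    // The original fell off the end without a return (CS0161, does not compile);
    // a caller in neither role now gets an empty body instead.
    return string.Empty;
}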
[授权]
公共类TaktimeController:ApiController
{
私有BIDataContainer db=新的BIDataContainer();
//获取api/taktime
[授权(角色=“管理员”)]
公共IQueryable gettaktimes()
{
返回db.taktimes;
}
//获取api/taktime/5
[ResponseType(typeof(taktime))]
[授权(角色=“管理员”)]
公共IHttpActionResult GetTaktTime(字符串id)
{
taktime-taktime=db.taktimes.Find(id);
if(taktime==null)
{
返回NotFound();
}
返回Ok(taktime);
}

这可以在razor视图中实现,您需要以下内容

 @* Server-side role check: the <div> below is only written into the response for members of "admin". *@
 @* HTML comments (<!-- -->) are sent to the browser; use @* *@ for notes that must stay server-side. *@
 @if (User.IsInRole("admin"))
 {
     <div>
         <!--Text for admin here-->
     </div>
 }
 @* Independent check, not an else: a principal in both roles sees both blocks. *@
 @if (User.IsInRole("user"))
 {
     <div>
         <!--Text for user here-->
     </div>
 }

您需要修改HelpController.cs并添加以下方法:

using System.Collections.ObjectModel;

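/// <summary>
/// Returns only the API descriptions whose action carries a System.Web.Http.AuthorizeAttribute
/// with a Roles list containing at least one role the current user is in.
/// Fails closed: actions with no [Authorize], with [Authorize] but no Roles, or authorized only
/// at controller/global level are hidden from the help page even though they may be callable.
/// Only the first matching attribute on an action is consulted.
/// </summary>
/// <returns>The descriptions to render.</returns>
private Collection<ApiDescription> FilteredDescriptions()
{
    var descriptionsToShow = new Collection<ApiDescription>();
    var authorizeType = typeof(System.Web.Http.AuthorizeAttribute);

    foreach (var apiDescription in Configuration.Services.GetApiExplorer().ApiDescriptions)
    {
        var actionDescriptor = apiDescription.ActionDescriptor as ReflectedHttpActionDescriptor;
        // Match on the attribute type (subclasses included) rather than on its simple name:
        // a same-named attribute from another namespace (e.g. MVC's) is not enforced by Web API,
        // so treating it as the rule would make the help page disagree with what is enforced.
        var authAttribute = actionDescriptor?.MethodInfo.CustomAttributes
            .FirstOrDefault(x => authorizeType.IsAssignableFrom(x.AttributeType));
        // Lifted to a nullable struct by ?.; a missing Roles argument yields a default value whose
        // TypedValue.Value is null, which falls through to "hide".
        var roleArgument = authAttribute?.NamedArguments
            .FirstOrDefault(x => x.MemberName == nameof(System.Web.Http.AuthorizeAttribute.Roles));
        var roles = roleArgument?.TypedValue.Value as string;
        if (roles?.Split(',').Any(role => User.IsInRole(role.Trim())) ?? false)
        {
            descriptionsToShow.Add(apiDescription);
        }
    }
    return descriptionsToShow;
}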

在Stanislav方法的基础上,我添加了对AllowAnonymous、基于用户名的授权、控制器属性和全局授权过滤器的支持

/// <summary>
/// Help page index: hands the documentation provider to the view and lists only the
/// API descriptions the current user is authorized for (see FilteredDescriptions).
/// </summary>
public ActionResult Index()
{
    var services = Configuration.Services;
    ViewBag.DocumentationProvider = services.GetDocumentationProvider();
    var visibleDescriptions = FilteredDescriptions();
    return View(visibleDescriptions);
}

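/// <summary>
/// Returns the API descriptions the current user could actually invoke, mirroring how
/// System.Web.Http.AuthorizeAttribute is applied at runtime: [AllowAnonymous] on the action or on
/// its controller skips authorization entirely; otherwise every AuthorizeAttribute in the action's
/// filter pipeline (global, controller and action scope) must accept the user.
/// </summary>
/// <remarks>
/// The previous version checked only the most specific level, so a controller-level role
/// requirement was ignored once the action had its own [Authorize]; it also read global filters with
/// Configuration.Filters.OfType&lt;AuthorizeAttribute&gt;(), which enumerates FilterInfo wrappers and
/// therefore never found one, so globally-authorized APIs were listed for everyone.
/// Override filters (OverrideAuthorizationAttribute) are not modelled. AuthorizeAttribute and
/// AllowAnonymousAttribute must resolve to the System.Web.Http types, not the MVC ones — confirm the usings.
/// </remarks>
/// <returns>The descriptions to render.</returns>
private Collection<ApiDescription> FilteredDescriptions()
{
    var list = Configuration.Services.GetApiExplorer().ApiDescriptions
        .Where(apiDescription =>
        {
            var actionDescriptor = apiDescription.ActionDescriptor;

            // Same rule as AuthorizeAttribute.SkipAuthorization: anonymous access at either level wins.
            if (actionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0
                || actionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0)
            {
                return true;
            }

            // GetFilterPipeline() yields FilterInfo for global, controller and action filters; each
            // authorize filter is enforced independently, so all must pass. All() over an empty
            // sequence is true, so an unrestricted action stays visible.
            var authorizeAttributes = actionDescriptor.GetFilterPipeline()
                .Select(filterInfo => filterInfo.Instance)
                .OfType<AuthorizeAttribute>();

            return authorizeAttributes.All(IsUserAuthorized);
        })
        .ToList();

    return new Collection<ApiDescription>(list);
}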

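/// <summary>
/// Evaluates one AuthorizeAttribute the way System.Web.Http.AuthorizeAttribute.IsAuthorized does:
/// the principal must be authenticated, be one of the listed Users (if any) and be in one of the
/// listed Roles (if any).
/// </summary>
/// <param name="authorizeAttribute">The attribute whose Users/Roles lists are checked.</param>
/// <returns>true when the current user satisfies the attribute.</returns>
private bool IsUserAuthorized(AuthorizeAttribute authorizeAttribute)
{
    var user = User;
    // Guard the identity too: the runtime treats a null identity as unauthenticated rather than throwing.
    if (user?.Identity == null || !user.Identity.IsAuthenticated)
    {
        return false;
    }

    // Both lists are comma-separated; entries are trimmed and blanks dropped, as the runtime does,
    // so " Admins, " is not treated as a role nobody has.
    var users = (authorizeAttribute.Users ?? string.Empty).Split(',')
        .Select(name => name.Trim())
        .Where(name => name.Length != 0)
        .ToList();
    var roles = (authorizeAttribute.Roles ?? string.Empty).Split(',')
        .Select(role => role.Trim())
        .Where(role => role.Length != 0)
        .ToList();

    // User names are matched with OrdinalIgnoreCase like the runtime; the previous == was
    // case-sensitive and untrimmed, hiding APIs the user could in fact call.
    return (users.Count == 0 || users.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
        && (roles.Count == 0 || roles.Any(user.IsInRole));
}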
public ActionResult Index()
{
ViewBag.DocumentationProvider=配置.Services.GetDocumentationProvider();
//返回视图(Configuration.Services.GetApiExplorer().apisdescriptions);
返回视图(FilteredDescriptions());
}
私有集合筛选器描述()
{
var list=Configuration.Services.GetApiExplorer().ApiDescriptions
.其中(apiDescription=>
{
//动作属性
if(apisdescription.ActionDescriptor.GetCustomAttributes().Count!=0)
{
返回true;
}
var actionAuthorizeAttributes=apiscription.ActionDescriptor.GetCustomAttributes();
如果(actionAuthorizeAttributes.Count!=0)
{
返回actionAuthorizeAttributes.All(IsUserAuthorized);
}
//控制器属性
if(apisdescription.ActionDescriptor.ControllerDescriptor.GetCustomAttributes().Count!=0)
{
返回true;
}
var controllerAuthorizeAttributes=apisdescription.ActionDescriptor.ControllerDescriptor.GetCustomAttributes();
如果(controllerAuthorizeAttributes.Count!=0)
{
返回controllerAuthorizeAttributes.All(IsUserAuthorizeAttribute);
}
//全局属性
if(apiscription.ActionDescriptor.Configuration.Filters.OfType().Any())
{
返回true;
}
var globalaauthorizeattributes=apiscription.ActionDescriptor.Configuration.Filters.OfType().ToList();
if(globalAuthorizeAttributes.Count!=0)
{
返回globalAuthorizeAttributes.All(IsUserAuthorized);
}
返回true;
})
.ToList();
返回新集合(列表);
}
私有bool IsUserAuthorized(AuthorizeAttribute AuthorizeAttribute)
{
返回User.Identity.IsAuthenticated
&&(authorizeAttribute.Roles==“”| | authorizeAttribute.Roles.Split(',').Any(role=>User.IsInRole(role.Trim()))
&&(authorizeAttribute.Users==“”| | authorizeAttribute.Users.Split(',').Any(user=>user.Identity.Name==user));
}
/// <summary>
/// Help page index: hands the documentation provider to the view and lists only the
/// API descriptions the current user is authorized for (see FilteredDescriptions).
/// </summary>
public ActionResult Index()
{
    var services = Configuration.Services;
    ViewBag.DocumentationProvider = services.GetDocumentationProvider();
    var visibleDescriptions = FilteredDescriptions();
    return View(visibleDescriptions);
}

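/// <summary>
/// Returns the API descriptions the current user could actually invoke, mirroring how
/// System.Web.Http.AuthorizeAttribute is applied at runtime: [AllowAnonymous] on the action or on
/// its controller skips authorization entirely; otherwise every AuthorizeAttribute in the action's
/// filter pipeline (global, controller and action scope) must accept the user.
/// </summary>
/// <remarks>
/// The previous version checked only the most specific level, so a controller-level role
/// requirement was ignored once the action had its own [Authorize]; it also read global filters with
/// Configuration.Filters.OfType&lt;AuthorizeAttribute&gt;(), which enumerates FilterInfo wrappers and
/// therefore never found one, so globally-authorized APIs were listed for everyone.
/// Override filters (OverrideAuthorizationAttribute) are not modelled. AuthorizeAttribute and
/// AllowAnonymousAttribute must resolve to the System.Web.Http types, not the MVC ones — confirm the usings.
/// </remarks>
/// <returns>The descriptions to render.</returns>
private Collection<ApiDescription> FilteredDescriptions()
{
    var list = Configuration.Services.GetApiExplorer().ApiDescriptions
        .Where(apiDescription =>
        {
            var actionDescriptor = apiDescription.ActionDescriptor;

            // Same rule as AuthorizeAttribute.SkipAuthorization: anonymous access at either level wins.
            if (actionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0
                || actionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0)
            {
                return true;
            }

            // GetFilterPipeline() yields FilterInfo for global, controller and action filters; each
            // authorize filter is enforced independently, so all must pass. All() over an empty
            // sequence is true, so an unrestricted action stays visible.
            var authorizeAttributes = actionDescriptor.GetFilterPipeline()
                .Select(filterInfo => filterInfo.Instance)
                .OfType<AuthorizeAttribute>();

            return authorizeAttributes.All(IsUserAuthorized);
        })
        .ToList();

    return new Collection<ApiDescription>(list);
}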

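/// <summary>
/// Evaluates one AuthorizeAttribute the way System.Web.Http.AuthorizeAttribute.IsAuthorized does:
/// the principal must be authenticated, be one of the listed Users (if any) and be in one of the
/// listed Roles (if any).
/// </summary>
/// <param name="authorizeAttribute">The attribute whose Users/Roles lists are checked.</param>
/// <returns>true when the current user satisfies the attribute.</returns>
private bool IsUserAuthorized(AuthorizeAttribute authorizeAttribute)
{
    var user = User;
    // Guard the identity too: the runtime treats a null identity as unauthenticated rather than throwing.
    if (user?.Identity == null || !user.Identity.IsAuthenticated)
    {
        return false;
    }

    // Both lists are comma-separated; entries are trimmed and blanks dropped, as the runtime does,
    // so " Admins, " is not treated as a role nobody has.
    var users = (authorizeAttribute.Users ?? string.Empty).Split(',')
        .Select(name => name.Trim())
        .Where(name => name.Length != 0)
        .ToList();
    var roles = (authorizeAttribute.Roles ?? string.Empty).Split(',')
        .Select(role => role.Trim())
        .Where(role => role.Length != 0)
        .ToList();

    // User names are matched with OrdinalIgnoreCase like the runtime; the previous == was
    // case-sensitive and untrimmed, hiding APIs the user could in fact call.
    return (users.Count == 0 || users.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
        && (roles.Count == 0 || roles.Any(user.IsInRole));
}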