C# 如何在Web API授权属性中获取请求cookie?
在.NET中有两个C# 如何在Web API授权属性中获取请求cookie?,c#,asp.net,asp.net-mvc,cookies,asp.net-web-api,C#,Asp.net,Asp.net Mvc,Cookies,Asp.net Web Api,在.NET中有两个AuthorizeAttribute类。在System.Web.Http命名空间中定义的名称: namespace System.Web.Http { // Summary: // Specifies the authorization filter that verifies the request's System.Security.Principal.IPrincipal. [AttributeUsage(AttributeTargets.
AuthorizeAttribute
类。在System.Web.Http
命名空间中定义的名称:
namespace System.Web.Http
{
// Summary:
// Specifies the authorization filter that verifies the request's System.Security.Principal.IPrincipal.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : AuthorizationFilterAttribute
{
// Summary:
// Initializes a new instance of the System.Web.Http.AuthorizeAttribute class.
public AuthorizeAttribute();
// Summary:
// Gets or sets the authorized roles.
//
// Returns:
// The roles string.
public string Roles { get; set; }
//
// Summary:
// Gets a unique identifier for this attribute.
//
// Returns:
// A unique identifier for this attribute.
public override object TypeId { get; }
//
// Summary:
// Gets or sets the authorized users.
//
// Returns:
// The users string.
public string Users { get; set; }
// Summary:
// Processes requests that fail authorization.
//
// Parameters:
// actionContext:
// The context.
protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext);
//
// Summary:
// Indicates whether the specified control is authorized.
//
// Parameters:
// actionContext:
// The context.
//
// Returns:
// true if the control is authorized; otherwise, false.
protected virtual bool IsAuthorized(HttpActionContext actionContext);
//
// Summary:
// Calls when an action is being authorized.
//
// Parameters:
// actionContext:
// The context.
//
// Exceptions:
// System.ArgumentNullException:
// The context parameter is null.
public override void OnAuthorization(HttpActionContext actionContext);
}
}
namespace System.Web.Mvc
{
// Summary:
// Specifies that access to a controller or action method is restricted to users
// who meet the authorization requirement.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
// Summary:
// Initializes a new instance of the System.Web.Mvc.AuthorizeAttribute class.
public AuthorizeAttribute();
// Summary:
// Gets or sets the user roles that are authorized to access the controller
// or action method.
//
// Returns:
// The user roles that are authorized to access the controller or action method.
public string Roles { get; set; }
//
// Summary:
// Gets the unique identifier for this attribute.
//
// Returns:
// The unique identifier for this attribute.
public override object TypeId { get; }
//
// Summary:
// Gets or sets the users that are authorized to access the controller or action
// method.
//
// Returns:
// The users that are authorized to access the controller or action method.
public string Users { get; set; }
// Summary:
// When overridden, provides an entry point for custom authorization checks.
//
// Parameters:
// httpContext:
// The HTTP context, which encapsulates all HTTP-specific information about
// an individual HTTP request.
//
// Returns:
// true if the user is authorized; otherwise, false.
//
// Exceptions:
// System.ArgumentNullException:
// The httpContext parameter is null.
protected virtual bool AuthorizeCore(HttpContextBase httpContext);
//
// Summary:
// Processes HTTP requests that fail authorization.
//
// Parameters:
// filterContext:
// Encapsulates the information for using System.Web.Mvc.AuthorizeAttribute.
// The filterContext object contains the controller, HTTP context, request context,
// action result, and route data.
protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext);
//
// Summary:
// Called when a process requests authorization.
//
// Parameters:
// filterContext:
// The filter context, which encapsulates information for using System.Web.Mvc.AuthorizeAttribute.
//
// Exceptions:
// System.ArgumentNullException:
// The filterContext parameter is null.
public virtual void OnAuthorization(AuthorizationContext filterContext);
//
// Summary:
// Called when the caching module requests authorization.
//
// Parameters:
// httpContext:
// The HTTP context, which encapsulates all HTTP-specific information about
// an individual HTTP request.
//
// Returns:
// A reference to the validation status.
//
// Exceptions:
// System.ArgumentNullException:
// The httpContext parameter is null.
protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext);
}
}
另一个在System.Web.Mvc
命名空间中定义:
namespace System.Web.Http
{
// Summary:
// Specifies the authorization filter that verifies the request's System.Security.Principal.IPrincipal.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : AuthorizationFilterAttribute
{
// Summary:
// Initializes a new instance of the System.Web.Http.AuthorizeAttribute class.
public AuthorizeAttribute();
// Summary:
// Gets or sets the authorized roles.
//
// Returns:
// The roles string.
public string Roles { get; set; }
//
// Summary:
// Gets a unique identifier for this attribute.
//
// Returns:
// A unique identifier for this attribute.
public override object TypeId { get; }
//
// Summary:
// Gets or sets the authorized users.
//
// Returns:
// The users string.
public string Users { get; set; }
// Summary:
// Processes requests that fail authorization.
//
// Parameters:
// actionContext:
// The context.
protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext);
//
// Summary:
// Indicates whether the specified control is authorized.
//
// Parameters:
// actionContext:
// The context.
//
// Returns:
// true if the control is authorized; otherwise, false.
protected virtual bool IsAuthorized(HttpActionContext actionContext);
//
// Summary:
// Calls when an action is being authorized.
//
// Parameters:
// actionContext:
// The context.
//
// Exceptions:
// System.ArgumentNullException:
// The context parameter is null.
public override void OnAuthorization(HttpActionContext actionContext);
}
}
namespace System.Web.Mvc
{
// Summary:
// Specifies that access to a controller or action method is restricted to users
// who meet the authorization requirement.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
// Summary:
// Initializes a new instance of the System.Web.Mvc.AuthorizeAttribute class.
public AuthorizeAttribute();
// Summary:
// Gets or sets the user roles that are authorized to access the controller
// or action method.
//
// Returns:
// The user roles that are authorized to access the controller or action method.
public string Roles { get; set; }
//
// Summary:
// Gets the unique identifier for this attribute.
//
// Returns:
// The unique identifier for this attribute.
public override object TypeId { get; }
//
// Summary:
// Gets or sets the users that are authorized to access the controller or action
// method.
//
// Returns:
// The users that are authorized to access the controller or action method.
public string Users { get; set; }
// Summary:
// When overridden, provides an entry point for custom authorization checks.
//
// Parameters:
// httpContext:
// The HTTP context, which encapsulates all HTTP-specific information about
// an individual HTTP request.
//
// Returns:
// true if the user is authorized; otherwise, false.
//
// Exceptions:
// System.ArgumentNullException:
// The httpContext parameter is null.
protected virtual bool AuthorizeCore(HttpContextBase httpContext);
//
// Summary:
// Processes HTTP requests that fail authorization.
//
// Parameters:
// filterContext:
// Encapsulates the information for using System.Web.Mvc.AuthorizeAttribute.
// The filterContext object contains the controller, HTTP context, request context,
// action result, and route data.
protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext);
//
// Summary:
// Called when a process requests authorization.
//
// Parameters:
// filterContext:
// The filter context, which encapsulates information for using System.Web.Mvc.AuthorizeAttribute.
//
// Exceptions:
// System.ArgumentNullException:
// The filterContext parameter is null.
public virtual void OnAuthorization(AuthorizationContext filterContext);
//
// Summary:
// Called when the caching module requests authorization.
//
// Parameters:
// httpContext:
// The HTTP context, which encapsulates all HTTP-specific information about
// an individual HTTP request.
//
// Returns:
// A reference to the validation status.
//
// Exceptions:
// System.ArgumentNullException:
// The httpContext parameter is null.
protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext);
}
}
这两者之间的主要区别是:
版本可由Web API使用System.Web.Http
版本可由ASP.NET Mvc使用System.Web.Mvc
version当Http
version使用Mvc
类型时,在OnAuthorization方法中使用AuthorizationContext
参数类型HttpActionContext
Http
版本的AuthorizeAttribute
中的请求cookie。在Mvc
版本中,它的实现如下:
public class Foo : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
HttpCookie cookie = filterContext.HttpContext.Request.Cookies.Get("Bar");
}
}
有人知道我如何使用HttpActionContext
进行同样的操作吗?有可能吗?如果不可能-为什么会这样?返回cookie的集合s,则需要获取所需的cookie
public class Foo : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
var cookie = actionContext.Request.Headers.GetCookies("Bar").FirstOrDefault();
}
}
public class Foo : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
var cookies = actionContext.Request.Headers.GetCookies("Bar").FirstOrDefault();
var cookie = cookies["Bar"];
}
}
不完全正确,但距离足够近;)@Ryan据我所知,这一切都是关于在调试器中浏览在没有任何参数的情况下执行GetCookies方法的结果。应该有一些数组,并且找出如何获取cookie相对简单。@Ryan-我认为缺少的部分是:例如,如果您的cookie有一个username=myUserName,那么您需要在Prasanjit编写的内容之后添加一行-
string username=cookie.cookies.Where(c=>c.Name==“username”).FirstOrDefault().价值
提取myUserNamevar cookie=actionContext.Request.Headers.GetCookies(“Bar”).FirstOrDefault()?[“Bar”]代码>需要两次指定“Bar”的原因是什么?需要两次指定“Bar”的原因是什么?第一个检查指示所需的cookie本身是否存在。第二个代码有助于检索值以进行进一步处理。