Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/asp.net-mvc/14.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# WebApi自定义授权属性不工作_C#_Asp.net Mvc_Asp.net Web Api - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# WebApi自定义授权属性不工作

C# WebApi自定义授权属性不工作

c# asp.net-mvc asp.net-web-api

C# WebApi自定义授权属性不工作,c#,asp.net-mvc,asp.net-web-api,C#,Asp.net Mvc,Asp.net Web Api,我有以下自定义授权属性 namespace xx.Api { public class MyAuthorizeAttribute : AuthorizeAttribute { public MyAuthorizeAttribute(params string[] roleKeys) { List<string> users = new List<string>(roleKeys.Length);

我有以下自定义授权属性

namespace xx.Api
{
    public class MyAuthorizeAttribute : AuthorizeAttribute
    {

        public MyAuthorizeAttribute(params string[] roleKeys)
        {
            List<string> users = new List<string>(roleKeys.Length); 
            var allRoles = (NameValueCollection)ConfigurationManager.GetSection("users");
            foreach (var roleKey in roleKeys)
            {
                users.Add(allRoles[roleKey]);
            }

            this.Roles = string.Join(",", users);
        }
    }
}
我在web.config中有这个

<configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section
      name="users"
      type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <users>
    <add key="user" value="domain\firstname.lastname" />
  </users>
我把我的用户名放在那里,当我将API方法url分享给同事时,他可以立即看到JSON,应该拒绝访问

我遗漏了什么?

检查这个:还有

尝试在IIS上启用Windows身份验证,重写AuthorizationAttribute的OnAuthorize方法,并检查用户设置是否正确。

lol问题是Windows身份验证已启用,但也是匿名的:( 
<configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
    <section
      name="users"
      type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
  </configSections>
  <users>
    <add key="user" value="domain\firstname.lastname" />
  </users>