C# WebApi自定义授权属性不工作
我有以下自定义授权属性C# WebApi自定义授权属性不工作,c#,asp.net-mvc,asp.net-web-api,C#,Asp.net Mvc,Asp.net Web Api,我有以下自定义授权属性 namespace xx.Api { public class MyAuthorizeAttribute : AuthorizeAttribute { public MyAuthorizeAttribute(params string[] roleKeys) { List<string> users = new List<string>(roleKeys.Length);
namespace xx.Api
{
public class MyAuthorizeAttribute : AuthorizeAttribute
{
public MyAuthorizeAttribute(params string[] roleKeys)
{
List<string> users = new List<string>(roleKeys.Length);
var allRoles = (NameValueCollection)ConfigurationManager.GetSection("users");
foreach (var roleKey in roleKeys)
{
users.Add(allRoles[roleKey]);
}
this.Roles = string.Join(",", users);
}
}
}
我在web.config中有这个
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section
name="users"
type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<users>
<add key="user" value="domain\firstname.lastname" />
</users>
我把我的用户名放在那里,当我将API方法url分享给同事时,他可以立即看到JSON,应该拒绝访问
我遗漏了什么?检查这个:还有
尝试在IIS上启用Windows身份验证,重写AuthorizationAttribute的OnAuthorize方法,并检查用户设置是否正确。lol问题是Windows身份验证已启用,但也是匿名的:(
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section
name="users"
type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<users>
<add key="user" value="domain\firstname.lastname" />
</users>