AuthorizeAttribute在Mvc 5应用程序中的Web Api控制器上不起作用 [英] AuthorizeAttribute not working on Web Api Controller in Mvc 5 application

问题描述

我有一个使用个人用户帐户作为身份验证的MVC 5应用程序.

I have an MVC 5 application that uses Individual User Accounts as authentication.

我将一个Web Api2空控制器添加到我的Controllers文件夹中，并执行发布操作.

I add an Web Api2 empty controller to my Controllers folder, and an post action.

[Authorize]
public class AttendancesController : ApiController
{
    [HttpPost]
    public IHttpActionResult Attend([FromBody]int Id)
    {

我运行该应用程序，登录，然后使用Postman或Fidler发送发帖请求.我总是在应用程序的登录"页面上得到响应.

I run the application, i log in and then i use Postman or Fidler to send a post request. I always get response with the Login page of my application.

[Authorize]属性在我的api控制器上不起作用，但在mvc控制器上将起作用.为什么?

The [Authorize] attribute does not work on my api controller but will work on a mvc controller. Why?

推荐答案

WebApi和MVC过滤器不可互换.

WebApi and MVC filters aren't interchangeable.

请参阅这篇文章，其中说明了如何创建WebApi筛选器(尽管使用了IoC容器，您可以忽略): https://damienbod. com/2014/01/04/web-api-2-using-actionfilterattribute-overrideactionfiltersattribute-and-ioc-injection/

See this post which explains how to create WebApi filters (albeit with IoC containers which you can ignore): https://damienbod.com/2014/01/04/web-api-2-using-actionfilterattribute-overrideactionfiltersattribute-and-ioc-injection/

尤其是本段:

重要！ Web API的筛选器与MVC的筛选器不同. Web API筛选器位于System.Web.Http.Filters命名空间中.

Important! Filters for Web API are not the same as filters for MVC. The Web API filters are found in the System.Web.Http.Filters namespace.

这篇关于AuthorizeAttribute在Mvc 5应用程序中的Web Api控制器上不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！