IAuthenticationFilter中的ActionContext.ActionArguments为空 [英] ActionContext.ActionArguments Is Empty In IAuthenticationFilter

查看:244
本文介绍了IAuthenticationFilter中的ActionContext.ActionArguments为空的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

背景:

我想使用使用Ninject注入的IAuthenticationFilter的实现来验证对我的Web API的POST请求.要验证请求,我需要访问请求正文.

I want to authenticate a POST request to my web API using an implementation of IAuthenticationFilter injected using Ninject. To authenticate a request I need access to request body.

问题:

ActionContext.ActionArguments,当我尝试在过滤器中访问它时为空.

ActionContext.ActionArguments, which I usually use to access request payload, is empty when I try to access it inside the filter.

问题:

  1. 如何在IAuthenticationFilter实现中访问POST请求有效负载?
  2. 为什么ActionContext.ActionArgumentsIAuthenticationFilter实现中为空,但如果我的过滤器实现ActionFilterAttribute,则具有值吗?
  1. How to access POST request payload inside an IAuthenticationFilter implementation?
  2. Why ActionContext.ActionArguments is empty inside an IAuthenticationFilter implementation, but has values if my filter implements ActionFilterAttribute?

代码:

过滤器实现:

public class AuthenticateFilter : IAuthenticationFilter
{
    private const string AuthenticationHeader = "X-Auth-Token";
    private const string UserHeader = "X-Auth-User";

    private readonly ILog log;

    public AuthenticateFilter(ILog log)
    {
        this.log = log;
    }

    public Task AuthenticateAsync(HttpAuthenticationContext context, 
                                  CancellationToken cancellationToken)
    {
        // context.ActionContext.ActionArguments is empty

        if (!IsAuthenticated(context))
        {
            context.ErrorResult = 
                new StatusCodeResult(HttpStatusCode.Unauthorized, 
                                     context.Request);
        }

        return Task.FromResult(0);
    }

    public Task ChallengeAsync(HttpAuthenticationChallengeContext context,
                               CancellationToken cancellationToken)
    {
        context.Result = 
            new StatusCodeResult(HttpStatusCode.Unauthorized, 
                                 context.Request);

        return Task.FromResult(0);
    }

    private bool IsAuthenticated(HttpAuthenticationContext context)
    {
        // Authentication code here
        // context.ActionContext.ActionArguments is empty
    }
}

当控制器方法具有属性时,使用Ninject注入过滤器.

The filter is injected using Ninject when controller method has a attribute.

kernel.BindHttpFilter<AuthenticateFilter>(FilterScope.Action)
      .WhenActionMethodHas<AuthenticateAttribute>();

AuthenticateAttribute是空的ActionFilterAttribute.

public class AuthenticateAttribute : ActionFilterAttribute
{

}

谢谢!

推荐答案

这是预期的行为. AuthenticationAuthorization过滤器在ModelBinding/Formatter反序列化阶段之前运行,而Action过滤器在此阶段之后运行.

This is expected behavior. Authentication and Authorization filters run before ModelBinding/Formatter deserialization stage, where as Action filters run after this stage.

这篇关于IAuthenticationFilter中的ActionContext.ActionArguments为空的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆