在Asp.net Web Api授权过滤器上，如何访问参数? [英] On Asp.net Web Api authorization filters, how can I access to parameters?

问题描述

我从Asp.Net Web API开始，这是我的问题:

I'am starting with Asp.Net Web API and here's my problem :

我实现了一个自定义授权过滤器，以检查我的消息头以查找API密钥.基于此API密钥，我检索了我的用户，然后我想看看他是否可以访问某些资源.我要检查的资源ID位于HTTP请求的参数上.但是当我使用AuthorizationFilter方法时，动作参数列表为空.

I implement a custom authorization filter to inspect my message header looking for an API Key. Based on this API Key, I retrieve my user and then I would like to see if he can have access to some resources. The resources ID I want to check is on the parameters of the HTTP request. But when I'am on the AuthorizationFilter method, the actions parameters list is empty.

我该怎么做?

如果我使用ActionFilter代替了授权过滤器，如何确定这将是第一个执行的过滤器?在全球范围内，如何指定过滤器的执行顺序?

If I used an ActionFilter in replacement of an authorization filter, how can I be sure that this will be the first filter executed ? And globally, how can I specify the executing order of filters ?

最后一个问题，是否可以在管道上添加一些我可以在任何过滤器上检索到的数据?类似于会话存储，但仅限于请求吗?

Last question, is it possible to add some data "on the pipe" that I could retrieve on any filter ? Something like a session store but limited to the request ?

感谢您的回复

推荐答案

授权属性在参数绑定运行之前运行，因此您(如您所见)不能使用ActionArguments集合.相反，您将需要使用请求uri作为查询参数，并使用路由数据获取uri参数，如下所示.

The authorization attributes run before parameter binding has run therefore you cannot (as you have seen) use the ActionArguments collection. Instead you will need to use the request uri for query parameters and route data for uri parameters as demonstrated below.

//request at http://localhost/api/foo/id?MyValue=1
public class MyAuthorizationAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        //will not work as parameter binding has not yet run
        object value;
        actionContext.ActionArguments.TryGetValue("id", out value);

        //Will get you the resource id assuming a default route like /api/foo/{id} 
        var routeData = actionContext.Request.GetRouteData();
        var myId = routeData.Values["id"] as string;

        //uri is still accessible so use this to get query params
        var queryString = HttpUtility.ParseQueryString(actionContext.Request.RequestUri.Query);
        var myQueryParam = queryString["MyValue"];

        //and so on
    }
}

关于执行顺序:

使用

There are 3 different ways of specifying the execution order of filters using the FilterScope Enumeration... scope being Global, Controller and Action. The AuthoriseAttribute is "Global" and therefore it

指定在Controller之前执行的操作.

Specifies an action before Controller.

如果您需要在这3个范围内指定执行顺序，则应阅读

If you needed to specify the execution order within these 3 scopes then you should read this blog article here where you will need to implement a FilterProvider

向管道添加一些数据:

在请求上使用属性集合，该集合在请求期间可用.

Use the properties collection on the request this collection is available for the duration of the request.

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        actionContext.Request.Properties.Add("__MYKEY__","MyValue");

        //access this later in the controller or other action filters using
        var value = actionContext.Request.Properties["__MYKEY__"];

    }

这篇关于在Asp.net Web Api授权过滤器上，如何访问参数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！