的.NET Web API - 覆盖AuthorizationFilter [英] .Net Web Api - Override AuthorizationFilter
问题描述
您好我有一个MVC的Web站点内的Web API控制器。
我想,以允许访问使用2个规则的控制:
用户是管理员或请求从本地计算机来;
Hello I have a web api controller inside a mvc web site. I'm trying to allow access to the controller using 2 rules: User is admin or the request came from local computer;
我是新来的,但AuthorizationFilterAttribute我试着写一个限制访问
当地唯一的要求:
I'm new to AuthorizationFilterAttribute but I tried to write one that limit access to local request only:
public class WebApiLocalRequestAuthorizationFilter : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
if (actionContext == null)
{
throw new ArgumentNullException("httpContext");
}
if (actionContext.Request.IsLocal())
{
return;
}
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
actionContext.Response.Content = new StringContent("Username and password are missings or invalid");
}
}
然后我饰我的控制器2的属性。
Then I decorated my controller with 2 attributes as
[Authorize(Roles = "Admin")]
[WebApiLocalRequestAuthorizationFilter]
public class ContactController : ApiController
{
public ContactModel Get(int id)
{
ContactsService contactsService = new ContactsService();
return contactsService.GetContactById(id).Map<ContactModel>();
}
}
但正如我怀疑,现在,为了访问的控制我需要管理员和请求应当从本地主机作出。我该怎么办呢?
But as I suspected , now, in order to access the controller I need to be admin and the request should be made from localhost. How can I do it?
亲切的问候,
塔尔Humy
Kind regards, Tal Humy
推荐答案
一种解决方案是创建一个从AuthorizeAttribute继承的类
One solution is to create a class that inherits from AuthorizeAttribute
例如。像这样
public class MyAuthorizeAttribute: AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool accessAllowed = false;
bool isInGroup = false;
List<string> roleValues = Roles.Split(',').Select(rValue => rValue.Trim().ToUpper()).ToList();
foreach (string role in roleValues)
{
isInGroup = IdentityExtensions.UserHasRole(httpContext.User.Identity, role);
if (isInGroup)
{
accessAllowed = true;
break;
}
}
//add any other validation here
//if (actionContext.Request.IsLocal()) accessAllowed = true;
if (!accessAllowed)
{
//do some logging
}
return accessAllowed;
}
...
}
然后你可以使用它像这样:
Then you can use it like so:
[MyAuthorizeAttribute(角色=支持,管理员)]
[MyAuthorizeAttribute(Roles = "Support,Admin")]
在上面的code,对于IdentityExtensions检查和高速缓存,ActiveDirectory的角色,这也让我们可以通过改变其缓存角色假冒当前用户。
In the above code, IdentityExtensions checks for, and caches, ActiveDirectory roles which also allows us to fake the current user having roles by changing the cache.
这篇关于的.NET Web API - 覆盖AuthorizationFilter的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!