asp.net MVC自定义过滤器[RESTAuthorize]被忽略 [英] asp.net MVC Custom Filters [RESTAuthorize] is ignored

查看:258
本文介绍了asp.net MVC自定义过滤器[RESTAuthorize]被忽略的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

[RESTAuthorization]被忽略,而是跳转到代码中以获取所有国家/地区,而无需检查剩余授权"过滤器.

The [RESTAuthorization] is being ignored and instead jump into the code to Get all the Country without checking for the Rest Authorization filter.

这是RESTAuthorization 

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.Mvc; 
using MyWebsite.Repository;

namespace MyWebsite.API.Attributes
{
    public class RESTAuthorizeAttribute : AuthorizeAttribute
    {
        private ISecurityRepository _repository;

        public RESTAuthorizeAttribute()
            : this(new SecurityRepository())
        {

        }

        public RESTAuthorizeAttribute(ISecurityRepository repository)
        {
            _repository = repository;
        }

        private const string _securityToken = "token";

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (Authorize(filterContext))
            {
                return;
            }

            HandleUnauthorizedRequest(filterContext);
        }

        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
        {
            base.HandleUnauthorizedRequest(filterContext);
        }

        private bool Authorize(AuthorizationContext actionContext)
        {
            try
            {
                HttpRequestBase request = actionContext.RequestContext.HttpContext.Request;
                string token = request.Params[_securityToken];
                string ip = _repository.GetIP(request);

                return _repository.IsTokenValid(token, ip, request.UserAgent);
            }
            catch (Exception)
            {
                return false;
            }
        }
    }
}

这是获取所有国家/地区的代码. RestAuthorize被忽略

Here's the code for get all country. The RestAuthorize is being ignore

[RESTAuthorize]
[HttpGet]
public IEnumerable<dtoCountry> GetAllCountry()
{
    try
    {
        return _repository.GetAllCountry().ToList();
    }
    catch (UnauthorizedAccessException)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        throw new HttpResponseException(HttpStatusCode.InternalServerError);
    }
}

推荐答案

 public class Authorizetest: System.Web.Http.AuthorizeAttribute
{
    private const string _securityToken = "token"; 
    public override void OnAuthorization(HttpActionContext actionContext)
    {

       if(Authorize(actionContext))
        {
            return;
        }
        HandleUnauthorizedRequest(actionContext);  
    }

    protected override void HandleUnauthorizedRequest(HttpActionContextactionContext)
    {
        base.HandleUnauthorizedRequest(actionContext);
    }

    private bool Authorize(HttpActionContext actionContext)
    {         
        try
        {                           
            var context = new HttpContextWrapper(HttpContext.Current);
            HttpRequestBase request = context.Request;              
            string token = request.Params[_securityToken];
            bool xyz = ValidatingTokens.IsTokenValid(token, 
            CommonManager.GetIP(request), request.UserAgent);
            return xyz;
        }
        catch (Exception)
        {
            return false;
        }
    }
}

这篇关于asp.net MVC自定义过滤器[RESTAuthorize]被忽略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆