asp.net MVC自定义过滤器[RESTAuthorize]被忽略 [英] asp.net MVC Custom Filters [RESTAuthorize] is ignored
本文介绍了asp.net MVC自定义过滤器[RESTAuthorize]被忽略的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
[RESTAuthorization]
被忽略,而是跳转到代码中以获取所有国家/地区,而无需检查剩余授权"过滤器.
The [RESTAuthorization]
is being ignored and instead jump into the code to Get all the Country without checking for the Rest Authorization filter.
这是RESTAuthorization
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using MyWebsite.Repository;
namespace MyWebsite.API.Attributes
{
public class RESTAuthorizeAttribute : AuthorizeAttribute
{
private ISecurityRepository _repository;
public RESTAuthorizeAttribute()
: this(new SecurityRepository())
{
}
public RESTAuthorizeAttribute(ISecurityRepository repository)
{
_repository = repository;
}
private const string _securityToken = "token";
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (Authorize(filterContext))
{
return;
}
HandleUnauthorizedRequest(filterContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
}
private bool Authorize(AuthorizationContext actionContext)
{
try
{
HttpRequestBase request = actionContext.RequestContext.HttpContext.Request;
string token = request.Params[_securityToken];
string ip = _repository.GetIP(request);
return _repository.IsTokenValid(token, ip, request.UserAgent);
}
catch (Exception)
{
return false;
}
}
}
}
这是获取所有国家/地区的代码. RestAuthorize
被忽略
Here's the code for get all country. The RestAuthorize
is being ignore
[RESTAuthorize]
[HttpGet]
public IEnumerable<dtoCountry> GetAllCountry()
{
try
{
return _repository.GetAllCountry().ToList();
}
catch (UnauthorizedAccessException)
{
throw new HttpResponseException(HttpStatusCode.Unauthorized);
}
catch (Exception)
{
throw new HttpResponseException(HttpStatusCode.InternalServerError);
}
}
推荐答案
public class Authorizetest: System.Web.Http.AuthorizeAttribute
{
private const string _securityToken = "token";
public override void OnAuthorization(HttpActionContext actionContext)
{
if(Authorize(actionContext))
{
return;
}
HandleUnauthorizedRequest(actionContext);
}
protected override void HandleUnauthorizedRequest(HttpActionContextactionContext)
{
base.HandleUnauthorizedRequest(actionContext);
}
private bool Authorize(HttpActionContext actionContext)
{
try
{
var context = new HttpContextWrapper(HttpContext.Current);
HttpRequestBase request = context.Request;
string token = request.Params[_securityToken];
bool xyz = ValidatingTokens.IsTokenValid(token,
CommonManager.GetIP(request), request.UserAgent);
return xyz;
}
catch (Exception)
{
return false;
}
}
}
这篇关于asp.net MVC自定义过滤器[RESTAuthorize]被忽略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文