如何在特定用户权限下调用Web API? [英] How to call web API under specific user permission?
问题描述
我有一个功能,允许最终用户执行Workflow
(包含许多API)或安排它作为后台作业运行.
I have a function that allows the end user to execute a Workflow
(containing many APIs) or schedule it to run as a background job.
示例:User1
创建Workflow1
,其中包含3个API(Api1
,Api2
,Api3
),并将其配置为每天9AM运行.
Example: User1
creates Workflow1
, which contains 3 APIs (Api1
, Api2
, Api3
), and configures it to run at 9AM every day.
我使用HttpClient
这样调用每个API:
I use HttpClient
to call each API like this:
var client = new HttpClient { BaseAddress = new Uri("http://localhost/") };
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.PostAsJsonAsync("/api/services/myApp/workflow/Api1?input=something", "").Result;
当用户未登录到应用程序时(因为它将作为计划的作业自动运行),如何在请求中添加User1
的凭据?
How do I add the credentials of User1
to the request while the user is not logged in to the application (because it will run automatically as a scheduled job)?
我决定使用反射调用字符串名称的API .
在直接执行API的情况下,如何在特定权限下运行它?
In the case of executing an API directly, how do I run it under a specific permission?
我已将代码放入using
块中,但所有API均已成功触发:
I have put my code inside a using
block, but all APIs were fired successfully:
using (_session.Use(1, 3)) // 3 is the Id of User1, who has no permissions
{
// Execute operator
switch (input.Operator.Type)
{
case "api":
executeApiResult = await ExecuteApi(input);
break;
case "procedure":
executeApiResult = await ExecuteProcedure(input);
break;
default:
return new ExecuteOperatorOutput
{
Result = new ExecuteOperatorResult { Status = false, Message = $"Wrong operator type: {input.Operator.Type}" },
WorkflowStatus = false
};
}
}
推荐答案
在直接执行API的情况下,如何在特定权限下运行它?
In the case of executing an API directly, how do I run it under a specific permission?
您可以覆盖当前会话值,然后在using
块中调用您的方法.
You can override current session values and call your method inside the using
block.
我已将代码放入
using
块中,但所有API均已成功触发
I have put my code inside a
using
block, but all APIs were fired successfully
将您的API方法声明为public virtual
,因为 AbpAuthorize
.
Declare your API methods as public virtual
as there are some restrictions for AbpAuthorize
.
这篇关于如何在特定用户权限下调用Web API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!