Custom Authorize Attribute in Web API


Problem description

I want to create my custom authorization in a Web API controller to check the roles of the user and if it's an active user. So far this is my code, and I don't know yet how/what to override in this code. Thanks! Your help is appreciated :D

using Avanza.Conference.Persistence;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace Avanza.Conference.Core.Extensions
{
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        ApplicationDbContext _context = new ApplicationDbContext(); // my entity  

        public override void OnAuthorization(HttpActionContext actionContext)
        {

            //Sample on what to do here??
            if (AuthorizeRequest(actionContext))
            {

                return;

            }

            HandleUnauthorizedRequest(actionContext);

        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {

            //Code to handle unauthorized request
            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);

        }

        private bool AuthorizeRequest(HttpActionContext actionContext)
        {

            //Sample on what to do here??

            return true;

        }

    }
}

Recommended answer

Here is the sample you required. This checks that the request contains the authenticationToken and only then allows the request to execute. Here you can check whether your session is available to check whether the user is logged in or not.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    public override void OnAuthorization(
           System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);

        // Headers.GetValues throws when the header is absent, so use TryGetValues.
        IEnumerable<string> tokenValues;
        if (actionContext.Request.Headers.TryGetValues("authenticationToken", out tokenValues))
        {
            string authenticationToken = Convert.ToString(tokenValues.FirstOrDefault());

            // authenticationTokenPersistant
            // it is saved in some data store
            // I will compare the authenticationToken sent by the client with the
            // authenticationToken persisted in the database against the specific user, and act accordingly
            // Placeholder: load the persisted token here; null fails closed (always Forbidden).
            string authenticationTokenPersistant = null;
            if (authenticationTokenPersistant == null || authenticationTokenPersistant != authenticationToken)
            {
                HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                return;
            }

            HttpContext.Current.Response.AddHeader("authenticationToken", authenticationToken);
            HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
            return;
        }

        // No authenticationToken header was sent.
        actionContext.Response =
            actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);
        actionContext.Response.ReasonPhrase = "Please provide valid inputs";
    }
}
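
An added example (not from the original question or answer) of the role plus active-user check the question asks for, done by overriding IsAuthorized instead of OnAuthorization. The IsUserActive delegate, ReportsController and the role names are hypothetical placeholders; wire the delegate to your own user store.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;

public class ActiveUserAuthorizeAttribute : AuthorizeAttribute
{
    // Hypothetical lookup (assumption): replace with a query against your user store.
    // Open the DbContext inside the lookup, per call: Web API caches filter
    // instances, so a context held in an attribute field is shared across requests.
    // The default returns false, so the check fails closed until it is configured.
    public static Func<string, bool> IsUserActive = userName => false;

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // base.IsAuthorized verifies that the principal is authenticated and
        // matches the Roles/Users values set on the attribute.
        if (!base.IsAuthorized(actionContext))
            return false;

        IPrincipal user = actionContext.RequestContext.Principal;
        return user != null && IsUserActive(user.Identity.Name);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        IPrincipal user = actionContext.RequestContext.Principal;
        bool authenticated = user != null && user.Identity != null
                             && user.Identity.IsAuthenticated;

        // 401 asks the client to authenticate; 403 tells an authenticated
        // caller that the role or active-account check failed.
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            authenticated ? HttpStatusCode.Forbidden : HttpStatusCode.Unauthorized,
            authenticated ? "Access denied." : "Authentication required.");
    }
}

// Usage on a controller (constructed names).
public class ReportsController : ApiController
{
    [ActiveUserAuthorize(Roles = "Admin,Manager")]
    public IHttpActionResult Get() { return Ok("report data"); }
}
```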
