如何在特定用户权限下调用 Web API? [英] How to call web API under specific user permission?
问题描述
我有一个函数,允许最终用户执行一个Workflow
(包含许多 API)或安排它作为后台作业运行.
I have a function that allows the end user to execute a Workflow
(containing many APIs) or schedule it to run as a background job.
示例:User1
创建 Workflow1
,其中包含 3 个 API(Api1
、Api2
、Api3
),并将其配置为每天上午 9 点运行.
Example: User1
creates Workflow1
, which contains 3 APIs (Api1
, Api2
, Api3
), and configures it to run at 9AM every day.
我使用 HttpClient
像这样调用每个 API:
I use HttpClient
to call each API like this:
var client = new HttpClient { BaseAddress = new Uri("http://localhost/") };
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = client.PostAsJsonAsync("/api/services/myApp/workflow/Api1?input=something", "").Result;
如何在用户未登录应用程序时将 User1
的凭据添加到请求中(因为它会作为计划作业自动运行)?
How do I add the credentials of User1
to the request while the user is not logged in to the application (because it will run automatically as a scheduled job)?
直接执行API的情况下,如何在特定权限下运行?
In the case of executing an API directly, how do I run it under a specific permission?
我已将代码放在 using
块中,但所有 API 均已成功触发:
I have put my code inside a using
block, but all APIs were fired successfully:
using (_session.Use(1, 3)) // 3 is the Id of User1, who has no permissions
{
// Execute operator
switch (input.Operator.Type)
{
case "api":
executeApiResult = await ExecuteApi(input);
break;
case "procedure":
executeApiResult = await ExecuteProcedure(input);
break;
default:
return new ExecuteOperatorOutput
{
Result = new ExecuteOperatorResult { Status = false, Message = $"Wrong operator type: {input.Operator.Type}" },
WorkflowStatus = false
};
}
}
推荐答案
直接执行API的情况下,如何在特定权限下运行?
In the case of executing an API directly, how do I run it under a specific permission?
您可以覆盖当前会话值和在 using
块内调用您的方法.
You can override current session values and call your method inside the using
block.
我已将代码放在 using
块中,但所有 API 均已成功触发
I have put my code inside a
using
block, but all APIs were fired successfully
将您的 API 方法声明为 public virtual
,因为 AbpAuthorize
.
Declare your API methods as public virtual
as there are some restrictions for AbpAuthorize
.
这篇关于如何在特定用户权限下调用 Web API?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!