
我想在 Web API 控制器中创建自定义授权,用来检查用户以及该用户所拥有的角色。到目前为止,这是我的代码,我还不知道这些方法应该如何重写。谢谢!非常感谢您的帮助 :D

Web API 中的自定义授权属性

using Avanza.Conference.Persistence; 
using System.Net; 
using System.Net.Http; 
using System.Web.Http; 
using System.Web.Http.Controllers; 

namespace Avanza.Conference.Core.Extensions 
{ 
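    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Web API authorization filter. A request is allowed only when the base
        /// <see cref="AuthorizeAttribute"/> check passes (authenticated principal plus
        /// any Users/Roles set on the attribute) and <see cref="AuthorizeRequest"/>,
        /// the hook for application-specific checks, agrees.
        /// </summary>
        /// <remarks>
        /// Filter attributes are instantiated once and reused across requests, so this
        /// class keeps no per-request state. In particular it no longer holds an
        /// <see cref="ApplicationDbContext"/> field: a DbContext is not thread-safe, and
        /// one owned by a cached attribute is never disposed. Create it inside
        /// <see cref="AuthorizeRequest"/> with a <c>using</c> block when a lookup is needed.
        /// Note that <c>[AllowAnonymous]</c> is honoured by the base
        /// <c>OnAuthorization</c>, which this override replaces; either apply this
        /// attribute only where anonymous access is never required, or call
        /// <c>base.OnAuthorization</c> instead of re-implementing the flow.
        /// </remarks>
        /// <param name="actionContext">Context of the request being authorized.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (actionContext == null)
            {
                throw new System.ArgumentNullException("actionContext");
            }

            if (AuthorizeRequest(actionContext))
            {
                return;
            }

            HandleUnauthorizedRequest(actionContext);
        }

        /// <summary>
        /// Rejects the request with 401 and a challenge header, short-circuiting the action.
        /// </summary>
        /// <param name="actionContext">Context of the request being rejected.</param>
        /// <exception cref="HttpResponseException">Always thrown; it carries the 401 response.</exception>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            // Advertises Basic authentication to the client, as the original code did;
            // change the scheme if the application authenticates differently.
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);
        }

        /// <summary>
        /// Decides whether the current request may proceed.
        /// </summary>
        /// <param name="actionContext">Context of the current request.</param>
        /// <returns>
        /// <c>true</c> only when the base authorization check passes (authenticated
        /// principal matching the attribute's Users/Roles) and every additional check
        /// added here succeeds; <c>false</c> otherwise, i.e. the filter fails closed.
        /// </returns>
        private bool AuthorizeRequest(HttpActionContext actionContext)
        {
            // The original stub returned true unconditionally, which let every request
            // through; delegate to the base Users/Roles check so the default is "deny".
            if (!IsAuthorized(actionContext))
            {
                return false;
            }

            // Application-specific checks go here, e.g. looking the user up in an
            // ApplicationDbContext created for this request with `using`. Return false to deny.
            return true;
        }
    }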
} 

回答


以下是您需要的示例:它检查请求是否携带 authenticationToken 头,只有携带时才允许继续执行请求。你也可以在这里检查会话是否可用,以判断用户是否已登录。

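public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    /// <summary>
    /// Authorization filter that accepts a request only when its
    /// "authenticationToken" header matches the token persisted for the user.
    /// A missing header yields 401, a mismatch yields 403; both short-circuit the action.
    /// </summary>
    /// <param name="actionContext">The Web API action context of the current request.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (actionContext == null)
        {
            throw new System.ArgumentNullException("actionContext");
        }

        // Let the base attribute run its Users/Roles/[AllowAnonymous] handling first. When it
        // rejects the request it sets actionContext.Response; stop here instead of overwriting it.
        base.OnAuthorization(actionContext);
        if (actionContext.Response != null)
        {
            return;
        }

        // HttpRequestHeaders.GetValues throws when the header is absent; TryGetValues does not.
        System.Collections.Generic.IEnumerable<string> headerValues;
        if (!actionContext.Request.Headers.TryGetValues("authenticationToken", out headerValues))
        {
            // Missing credential: 401 rather than 417 (Expectation Failed refers to the Expect request header).
            actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Unauthorized);
            actionContext.Response.ReasonPhrase = "Please provide valid inputs";
            return;
        }

        string authenticationToken = System.Convert.ToString(System.Linq.Enumerable.FirstOrDefault(headerValues));

        // authenticationTokenPersistant: the token saved in some data store against the specific
        // user; the answer leaves that lookup to the reader. Until it is implemented the value stays
        // null, so the comparison below fails closed. Use a constant-time comparison where available.
        string authenticationTokenPersistant = null; // TODO: load the persisted token for this user

        if (authenticationTokenPersistant != authenticationToken)
        {
            // The received token is deliberately not echoed back in a response header: response
            // headers end up in proxy and browser logs, and the credential does not belong there.
            AddStatusHeader("NotAuthorized");
            actionContext.Response = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.Forbidden);
            return;
        }

        AddStatusHeader("Authorized");
    }

    /// <summary>
    /// Adds the "AuthenticationStatus" response header. HttpContext.Current is only
    /// available when hosted under System.Web (IIS); under self-hosting it is null,
    /// in which case the header is skipped rather than throwing.
    /// </summary>
    /// <param name="status">Header value to emit.</param>
    private static void AddStatusHeader(string status)
    {
        var httpContext = System.Web.HttpContext.Current;
        if (httpContext != null)
        {
            httpContext.Response.AddHeader("AuthenticationStatus", status);
        }
    }
}

#if CUSTOM_AUTHORIZE_WITH_RESOURCE_ACTION // constructed symbol: the answer's second snippet, an alternative shape of the same class
public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    // `readonly` is not valid on an auto-property; the values are set once in the constructor.
    private string Resource { get; set; }
    private string Action { get; set; }

    /// <summary>Creates the attribute for one resource/action pair, e.g. [CustomAuthorize("resource", "action")].</summary>
    /// <param name="resource">Resource the decorated action operates on.</param>
    /// <param name="action">Operation being performed on that resource.</param>
    public CustomAuthorize(string resource, string action)
    {
        Resource = resource;
        Action = action;
    }

    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);
        //Check your post authorization logic using Resource and Action
        //Your logic here to return authorize or unauthorized response
    }
}
#endif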

我要找的是授权(authorization)而不是认证(authentication),但还是感谢你的帮助。 –