
我想在 Web API 控制器中創建自定義授權屬性，用來檢查用戶的角色，以及該用戶是否為活動用戶。到目前為止這是我的代碼，我還不知道應該在其中重寫哪些部分。謝謝！感謝您的幫助 :D

Web API 中的自定義授權屬性

using Avanza.Conference.Persistence; 
using System.Net; 
using System.Net.Http; 
using System.Web.Http; 
using System.Web.Http.Controllers; 

namespace Avanza.Conference.Core.Extensions 
{ 
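    /// <summary>
    /// Authorization filter for Web API actions. The request reaches the action only when
    /// <see cref="AuthorizeRequest"/> returns true; otherwise <see cref="HandleUnauthorizedRequest"/>
    /// short-circuits the pipeline with a 401 challenge.
    /// </summary>
    /// <remarks>
    /// The original held an <c>ApplicationDbContext</c> in an instance field. Web API caches filter
    /// attributes, so one instance serves many concurrent requests; a shared DbContext is not
    /// thread-safe and would never be disposed. A short-lived context is created per check in
    /// <see cref="IsActiveUser"/> instead.
    /// </remarks>
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Runs before the action. Lets the request through when <see cref="AuthorizeRequest"/>
        /// accepts it and hands everything else to <see cref="HandleUnauthorizedRequest"/>.
        /// </summary>
        /// <param name="actionContext">Context of the action about to be invoked.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (AuthorizeRequest(actionContext))
            {
                return;
            }

            HandleUnauthorizedRequest(actionContext);
        }

        /// <summary>
        /// Rejects the request with 401 and a <c>WWW-Authenticate: Basic</c> challenge.
        /// </summary>
        /// <param name="actionContext">Context of the rejected action.</param>
        /// <exception cref="HttpResponseException">Always; the exception carries the 401 response
        /// and stops the pipeline so the action never runs.</exception>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // NOTE(review): the Basic challenge is only meaningful if the API actually accepts
            // Basic credentials — confirm against the configured authentication.
            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);
        }

        /// <summary>
        /// Decides whether the request is allowed. Fails closed: an unauthenticated caller, a
        /// caller outside the attribute's <c>Roles</c>/<c>Users</c>, or one with no user name
        /// is rejected.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <returns>true when the request may proceed; false otherwise.</returns>
        private bool AuthorizeRequest(HttpActionContext actionContext)
        {
            // The base check enforces an authenticated principal plus any Roles/Users given on
            // the attribute, e.g. [CustomAuthorize(Roles = "Admin")]. The original returned true
            // unconditionally, which authorized every request.
            if (!IsAuthorized(actionContext))
            {
                return false;
            }

            var principal = actionContext.RequestContext.Principal;
            if (principal == null || principal.Identity == null || string.IsNullOrEmpty(principal.Identity.Name))
            {
                return false;
            }

            return IsActiveUser(principal.Identity.Name);
        }

        /// <summary>
        /// Hook for the "is this account still active" check, run against a per-request context
        /// so the context is disposed and never shared across threads.
        /// </summary>
        /// <param name="userName">Name of the authenticated caller.</param>
        /// <returns>true when the account is active.</returns>
        private static bool IsActiveUser(string userName)
        {
            using (var context = new ApplicationDbContext())
            {
                // TODO: query the user entity for userName and return its active flag. The entity
                // and its "active" column are not visible in this file — confirm against
                // ApplicationDbContext before wiring it up. Until then this sub-check is a no-op.
                return true;
            }
        }
    }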
} 

回答


以下是您需要的示例：它會檢查請求是否包含 authenticationToken，只有包含時才允許執行請求。你也可以在這裏檢查會話是否可用，以判斷用戶是否已登錄。

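// The answer's two snippets were interleaved line by line on this page; they are untangled
// below. The first gates on an "authenticationToken" request header, the second carries a
// resource/action pair for a custom check after the base check.

/// <summary>
/// Allows the request only when the "authenticationToken" header matches the token persisted
/// for the caller. Fails closed when the header is missing or no token is on record.
/// </summary>
public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    private const string TokenHeader = "authenticationToken";

    /// <param name="actionContext">Context of the action being authorized.</param>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // NOTE(review): base enforces an authenticated principal and any Roles/Users. If the
        // header token is the only credential the API has, drop this call — confirm which the
        // project needs.
        base.OnAuthorization(actionContext);
        if (actionContext.Response != null)
        {
            return; // base already produced the 401
        }

        // TryGetValues: HttpRequestHeaders.GetValues throws when the header is absent, so the
        // original "!= null" test could never fire.
        System.Collections.Generic.IEnumerable<string> values;
        if (!actionContext.Request.Headers.TryGetValues(TokenHeader, out values))
        {
            // A missing credential is 401, not 417 (ExpectationFailed) as in the original.
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            actionContext.Response.ReasonPhrase = "Please provide valid inputs";
            return;
        }

        string authenticationToken = values.FirstOrDefault();
        string persisted = GetPersistedToken(actionContext);
        if (string.IsNullOrEmpty(authenticationToken)
            || persisted == null
            || !string.Equals(persisted, authenticationToken, System.StringComparison.Ordinal))
        {
            // The original echoed the submitted token back in a response header; that leaks the
            // credential, so only the status is reported. NOTE(review): string equality is not
            // constant-time; use a fixed-time comparison if the token is a bearer secret.
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
            actionContext.Response.Headers.Add("AuthenticationStatus", "NotAuthorized");
            return;
        }

        // Authorized: leave actionContext.Response null so the action runs. The original also
        // stamped "AuthenticationStatus: Authorized" through HttpContext.Current.Response; there is
        // no response yet inside an authorization filter, and HttpContext.Current is not available
        // under self-hosting, so that side effect is dropped.
    }

    /// <summary>
    /// Returns the token persisted for the calling user, or null when none is on record
    /// (which denies the request).
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    protected virtual string GetPersistedToken(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // TODO: load the token saved in your data store for this user. The original referenced an
        // undeclared "authenticationTokenPersistant" here; where it comes from is not shown.
        return null;
    }
}

/// <summary>
/// The answer's second snippet. Renamed here only because two types named CustomAuthorize cannot
/// share a file; it carries a resource/action pair for the filter's own check once the base
/// check has passed.
/// </summary>
public class CustomAuthorizeWithResourceAction : System.Web.Http.AuthorizeAttribute
{
    // The original declared Resource as "private readonly string Resource {get; set;}", which is
    // not valid C#; readonly fields keep the immutable intent. Action was assigned in the
    // constructor but never declared in the snippet.
    private readonly string Resource;
    private readonly string Action;

    /// <param name="resource">Resource the decorated action belongs to.</param>
    /// <param name="action">Operation being performed on that resource.</param>
    public CustomAuthorizeWithResourceAction(string resource, string action)
    {
        Resource = resource;
        Action = action;
    }

    /// <param name="actionContext">Context of the action being authorized.</param>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        base.OnAuthorization(actionContext);
        if (actionContext.Response != null)
        {
            return; // base already produced the 401
        }

        // Check your post-authorization logic using Resource and Action here and set
        // actionContext.Response to deny. Until that is written, this filter allows every
        // request the base class accepts.
    }
}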

我要找的是授權（authorization）而不是認證（authentication），但仍然感謝你試圖幫助。