WebApi Custom Authorize attribute

I've been grinding my head over this one. I've been trying to implement a custom authorize attribute for a WebApi. I've read multiple articles on how to do this, but for some reason the authorization is never executed.

using System.Linq;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using Microsoft.AspNet.Identity; // GetUserId()

public class ActivityAuthorizeWebApiAttribute : System.Web.Http.AuthorizeAttribute
{
    // Activities(), SetActivities(), HasAnyActivity() and IActivityProvider are the
    // application's own helpers and are not shown here.
    private string[] Activities { get; set; }
    public string Activity
    {
        set
        {
            this.Activities = value.Split(',').Select(x => x.Trim()).ToArray();
        }
        get { return string.Join(",", this.Activities); }
    }

    public ActivityAuthorizeWebApiAttribute()
    {
        // Start empty so an attribute used without Activity does not throw on ToList()
        this.Activities = new string[0];
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principalUser = HttpContext.Current.User;
        if (principalUser == null || !principalUser.Identity.IsAuthenticated)
        {
            return false;
        }

        // Lazily load the user's activities once per request from the DI container
        if (!principalUser.Activities().Any())
        {
            var activityProvider = (IActivityProvider)GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IActivityProvider));
            var activities = activityProvider.GetActivitiesByRoleId(principalUser.Identity.GetUserId());
            principalUser.SetActivities(activities);
        }

        //check your permissions
        return principalUser.HasAnyActivity(this.Activities.ToList());
    }
}

As I can see, I'm inheriting from the correct AuthorizeAttribute, not the MVC one. But the IsAuthorized method is never called. The controller action:

[ActivityAuthorizeWebApi(Activity = "Home")]
public IEnumerable<string> Get()
{
    return new string[] { "value1", "value2" };
}

Could it be because of the combination with the bearer token authentication?

Edit: I've even tried just this code:

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
}

as custom code, and no authorization is executed.

You need to be hooking into the following methods when you create a custom attribute:

public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
private bool AuthorizeRequest(System.Web.Http.Controllers.HttpActionContext actionContext)

It's the OnAuthorization method that you need to override and perform your security logic in. You can get the User from the actionContext in the method signature.

using System.Web.Http;
using System.Web.Http.Controllers;

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (AuthorizeRequest(actionContext))
        {
            return;
        }

        HandleUnauthorizedRequest(actionContext);
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        //Code to handle unauthorized request
        base.HandleUnauthorizedRequest(actionContext);
    }

    private bool AuthorizeRequest(HttpActionContext actionContext)
    {
        //Write your code here to perform authorization
        return true;
    }
}
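As an added example (not the asker's or the answerer's code), here is one way to write the activity check so that the principal comes from the actionContext, as the answer suggests, rather than from HttpContext.Current; it assumes the application stores granted activities as claims of a hypothetical claim type "activity".

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

// Hypothetical attribute: the principal is read from actionContext.RequestContext, which
// bearer-token middleware populates, not from HttpContext.Current (null when self-hosted).
public class ActivityAuthorizeAttribute : AuthorizeAttribute
{
    // Assumed claim type under which the application stores granted activities.
    public const string ActivityClaimType = "activity";
    private string[] _activities = new string[0];

    // Comma-separated list, e.g. [ActivityAuthorize(Activity = "Home,Reports")]
    public string Activity
    {
        get { return string.Join(",", _activities); }
        set
        {
            _activities = (value ?? "").Split(',').Select(a => a.Trim())
                                       .Where(a => a.Length > 0).ToArray();
        }
    }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return false;                 // unauthenticated: the base class answers 401
        if (_activities.Length == 0)
            return false;                 // fail closed: no configured activity grants nothing
        var granted = principal.FindAll(ActivityClaimType).Select(c => c.Value);
        return granted.Intersect(_activities, StringComparer.OrdinalIgnoreCase).Any();
    }

    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // An authenticated caller lacking the activity gets 403 rather than 401,
        // so clients do not re-prompt for credentials; anonymous callers keep the 401 path.
        var identity = actionContext.RequestContext.Principal?.Identity;
        if (identity != null && identity.IsAuthenticated)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
            return;
        }
        base.HandleUnauthorizedRequest(actionContext);
    }
}
```

If IsAuthorized is still never reached, confirm that the attribute is applied to a Web API controller (ApiController) and that the request is actually routed to it, since an MVC controller will ignore a System.Web.Http filter.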
