如何在AuthorAttribute的ASP.NET Web.API MVC 5的IsAuthorized上获取Post参数

Question

I need to get values of my Post Parameters at the time of Authorization. 我需要在授权时获取我的帖子参数的值。 Searchers on web but no solution is working. 网络上的搜索者但没有解决方案正在运作。 ActionArguments count always showing 0 and not able to find values in ActionDescriptor.GetParameters() ActionArguments计数始终显示0并且无法在ActionDescriptor.GetParameters()查找值

Here is my code: 这是我的代码：

POST model - POST模型 -

public class XyzModel
{
   public int Prop1 { get; set; }
   public string Prop2 { get; set; }
}

Custom Authorize Attribute - 自定义授权属性 -

public class CustomAuthorizeAttribute  : AuthorizeAttribute
{
   protected override bool IsAuthorized(HttpActionContext actionContext)
   {    
     bool conditions = // here I need to check value of my model (XyzModel) properties 
    if(conditions)
    {
       return true;
    }

      return false;
    }        
}

Code in controller - 控制器中的代码 -

[HttpPost]
[CustomAuthorizeAttribute]       
public IHttpActionResult MyAction(XyzModel model)
{
    // my work here
}

Any suggestion? 有什么建议吗？

Answer 1

You can access model property of ActionArguments it will return XyzModel object. 您可以访问ActionArguments的模型属性，它将返回XyzModel对象。 than you can perform any operation on its properties: 您可以对其属性执行任何操作：

XyzModel model = (XyzModel)actionContext.ActionArguments["model"];

In your code it will be like this: 在你的代码中它将是这样的：

public class CustomAuthorizeAttribute  : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var prop1 = HttpContext.Current.Request.Params["Prop1"];
        var prop2 = HttpContext.Current.Request.Params["Prop2"];
        bool conditions = // add conditions based on above properties
        if(conditions)
        {
            return true;
        }

        return false;
    }        
}

Answer 2

I believe, you will not get post parameter value in AuthorizeAttribute as AuthorizeAttribute methods are called before action's parameter binding. 我相信，你不会在AuthorizeAttribute获得post参数值，因为在action的参数绑定之前调用AuthorizeAttribute方法。

For your scenario, you can use ActionFilterAttribute which executes only after action's parameter binding. 对于您的方案，您可以使用仅在操作的参数绑定后执行的ActionFilterAttribute 。 You can create your custom filter attribute by using ActionFilterAttribute 您可以使用ActionFilterAttribute创建自定义过滤器属性

using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class CheckMyPostDataFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        XyzModel model = (XyzModel )actionContext.ActionArguments["model"]; // you will get data here 

        base.OnActionExecuting(actionContext);
    }
}

You can simply decorate above CheckMyPostDataFilter filter in your action : 您可以在操作中简单地在CheckMyPostDataFilter过滤器上方CheckMyPostDataFilter装饰：

[HttpPost]
[CheckMyPostData]       
public IHttpActionResult MyAction(XyzModel model)
{
    // my work here
}

Answer 3

You can use Request Body Input Stream to read the entire Body content as below 您可以使用Request Body Input Stream来读取整个Body内容，如下所示

public sealed class CustomAuthorizeAttribute : AuthorizeAttribute
{
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var req = HttpContext.Current.Request.InputStream;
        string body = new StreamReader(req).ReadToEnd();
    }
}

如何在AuthorAttribute的ASP.NET Web.API MVC 5的IsAuthorized上获取Post参数

问题描述

3 个解决方案

解决方案1
4 已采纳 2017-03-08 06:07:01

解决方案2
3 2017-03-08 06:14:03

解决方案3
2 2017-06-15 19:40:10

如何在AuthorAttribute的ASP.NET Web.API MVC 5的IsAuthorized上获取Post参数

问题描述

3 个解决方案

解决方案1 4 已采纳 2017-03-08 06:07:01

解决方案2 3 2017-03-08 06:14:03

解决方案3 2 2017-06-15 19:40:10

解决方案1
4 已采纳 2017-03-08 06:07:01

解决方案2
3 2017-03-08 06:14:03

解决方案3
2 2017-06-15 19:40:10