自定义AuthorizeAttribute-端点不起作用
[英]Custom AuthorizeAttribute - Endpoint not work
问题描述
I'm very new to Asp.net Core, i hope someone can help to find the problem. 
我对Asp.net Core非常陌生,希望有人可以帮助您找到问题所在。 I have Created a Custom Authorize Attribute to check login data stored in appsettings.json The Authorize Attribute work (breakpoints hit, data correct). 我创建了一个自定义Authorize Attribute来检查存储在appsettings.json的登录数据Authorize Attribute工作(断点命中,数据正确)。 But after the check, the requested endpoint never hit. 但是检查之后,请求的端点永不命中。
I have tested if the endpoint is work without authorization . 我已经测试了端点是否在未经authorization情况下工作。 And yes it's work. 是的,这是工作。
In Startup.cs i load my Logins from appsettings.json and add it to the service as singleton. 在Startup.cs我从appsettings.json加载我的登录appsettings.json ,并将其作为单例添加到服务中。
LoginModel[] logins = Configuration.GetSection("LoginUsers").Get<LoginModel[]>();
Settings setting = new Settings();
setting.LoginModels = logins;
services.AddSingleton(setting);
My AuthorizeAttribute: 我的AuthorizeAttribute:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class MyAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
public MyAuthorizeAttribute()
{
}
public void OnAuthorization(AuthorizationFilterContext context)
{
// get username and password from header
string authHeader = context.HttpContext.Request.Headers["Authorization"];
string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
Encoding encoding = Encoding.GetEncoding("iso-8859-1");
string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
int seperatorIndex = usernamePassword.IndexOf(':');
var username = usernamePassword.Substring(0, seperatorIndex);
var password = usernamePassword.Substring(seperatorIndex + 1);
var services = context.HttpContext.RequestServices;
var settings = services.GetService<Settings>();
var loginfound = settings.LoginModels.Where(x => x.Username == username && x.Password == password).FirstOrDefault();
if (loginfound == null)
{
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
}
}
}
My Controller: 我的控制器:
[Route("api/[controller]")]
[ApiController]
[MyAuthorize]
public class SettingsController : ControllerBase
{
[HttpGet("checkLogin")]
public IActionResult CheckLogin()
{
return Ok(true);
}
}
My endpoint is not work anymore. 我的端点不再工作了。 What am I doing wrong? 我究竟做错了什么? I dont have any errors. 我没有任何错误。
1 个解决方案
解决方案1
1 已采纳 2019-09-11 19:18:52
For using your own authorize logic with IAuthorizationFilter, you should not use with AuthorizeAttribute which will check the Authentication with default authentication schema. 若要将自己的授权逻辑与IAuthorizationFilter一起使用,则不应与AuthorizeAttribute一起使用,后者将使用默认身份验证架构检查Authentication。
Reference Tao Zhou's answer here: Asp.Net Core 2.1 - Authorize based on content in request 参考Tao Zhou的答案: Asp.Net Core 2.1-根据请求中的内容进行授权
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.