
Custom Authorization Attribute on Asp.Net WebApi

How do I return a value when a user is Authorized using ASP.Net Web Api? I tried overriding the OnAuthorize on the Authorize Attribute, but the method type is 'void', so I can't return any value. Or should I append the values I want to the header as a response header?

Here's something I want to achieve:

  1. The user passes the api key and shared secret
  2. When the user is authorized, the custom attribute will return the User's Id and Name
  3. The Id will be passed around the Rest Methods as a parameter

This code sample might help you.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;

// IManageUsers, ManageUsers, User and AuthenticationStatus are the application's own types (not shown here).
public class TokenAuthorizeAttribute : AuthorizeAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // base.OnAuthorization is not called: it checks the current principal, which this
        // header-based scheme never populates, so it would only set a 401 that is overwritten below.
        IManageUsers manageUser = new ManageUsers();

        // get email + authentication token from the request headers
        // (TryGetValues, not GetValues: GetValues throws InvalidOperationException when the header is absent)
        string email = GetHeader(actionContext, "email");
        if (email == null)
        {
            actionContext.Response = Fail(actionContext, HttpStatusCode.PreconditionFailed, "Please provide email address");
            return;
        }

        string authenticationToken = GetHeader(actionContext, "authenticationToken");
        if (authenticationToken == null)
        {
            actionContext.Response = Fail(actionContext, HttpStatusCode.PreconditionFailed, "Please provide authentication token");
            return;
        }

        // check that the user exists
        User user = manageUser.GetByEmail(email);
        if (user == null)
        {
            actionContext.Response = Fail(actionContext, HttpStatusCode.PreconditionFailed, "Email does not exist");
            return;
        }

        // check that the user is activated (authenticated) before looking at the token
        if (user.AuthenticationStatus != AuthenticationStatus.Authenticated)
        {
            HttpResponseMessage forbidden = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
            forbidden.Headers.Add("AuthenticationStatus", "NotAuthenticated");
            actionContext.Response = forbidden;
            return;
        }

        // user is authenticated, now check authorization: the presented token must equal
        // the AES-encrypted form of the token persisted for this user
        string authenticationTokenPersistent = user.AuthorizationToken;
        string authenticationTokenEncrypted = manageUser.EncryptAuthenticationTokenAes(authenticationTokenPersistent, user.Key, user.IV);
        if (authenticationToken != authenticationTokenEncrypted)
        {
            HttpResponseMessage forbidden = Fail(actionContext, HttpStatusCode.Forbidden, "Invalid token");
            forbidden.Headers.Add("Email", email);
            forbidden.Headers.Add("authenticationToken", authenticationToken);
            forbidden.Headers.Add("AuthenticationStatus", "NotAuthorized");
            actionContext.Response = forbidden;
            return;
        }

        // authorized: leave actionContext.Response null so the controller action runs
        // (creating an OK response here would short-circuit the pipeline and the action would never execute).
        // The headers are appended to the outgoing ASP.NET response; HttpContext.Current exists only under IIS/web hosting.
        HttpContext.Current.Response.AppendHeader("Email", email);
        HttpContext.Current.Response.AppendHeader("authenticationToken", authenticationToken);
        HttpContext.Current.Response.AppendHeader("AuthenticationStatus", "Authorized");
    }

    // Returns the first value of a request header, or null when the header is missing or empty.
    private static string GetHeader(HttpActionContext actionContext, string name)
    {
        IEnumerable<string> values;
        if (!actionContext.Request.Headers.TryGetValues(name, out values))
        {
            return null;
        }
        string value = values.FirstOrDefault();
        return string.IsNullOrEmpty(value) ? null : value;
    }

    // Builds the error response that stops the request, carrying the message in an ErrorMessage header.
    private static HttpResponseMessage Fail(HttpActionContext actionContext, HttpStatusCode status, string errorMessage)
    {
        HttpResponseMessage response = actionContext.Request.CreateResponse(status);
        response.Headers.Add("ErrorMessage", errorMessage);
        return response;
    }
}
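An added example, not code from the question or the answer above, of the api key + shared secret flow the question describes: the attribute looks the key up, compares the secret in constant time, and hands the user's Id and Name to the controller action as claims instead of echoing them in response headers. The IApiKeyStore interface, the ApiClient record and the X-Api-Key / X-Api-Secret header names are assumptions.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;
// Hypothetical store: maps an api key to the client's Id, Name and the SHA-256 hash of its shared secret.
public class ApiClient { public int Id; public string Name; public byte[] SecretHash; }
public interface IApiKeyStore { ApiClient FindByKey(string apiKey); }

public class ApiKeyAuthorizeAttribute : AuthorizeAttribute
{
    public static IApiKeyStore Store;   // assumption: assigned at application startup
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        string apiKey = Header(actionContext, "X-Api-Key");
        string secret = Header(actionContext, "X-Api-Secret");
        ApiClient client = apiKey == null ? null : Store.FindByKey(apiKey);

        // Hash the presented secret and compare in constant time; an unknown key is compared
        // against a dummy hash so that a bad key and a bad secret take the same time to reject.
        byte[] presented = SHA256.Create().ComputeHash(Encoding.UTF8.GetBytes(secret ?? string.Empty));
        byte[] expected = client != null ? client.SecretHash : new byte[presented.Length];
        if (client == null || secret == null || !FixedTimeEquals(presented, expected))
        {
            // Reject without echoing the key or secret back; the action never runs.
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            return;
        }

        // Success: leave Response null so the action runs, and carry Id and Name to it as claims.
        var identity = new ClaimsIdentity("ApiKey");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, client.Id.ToString()));
        identity.AddClaim(new Claim(ClaimTypes.Name, client.Name));
        actionContext.RequestContext.Principal = new ClaimsPrincipal(identity);
    }
    private static string Header(HttpActionContext ctx, string name)
    {
        IEnumerable<string> values;
        return ctx.Request.Headers.TryGetValues(name, out values) ? values.FirstOrDefault() : null;
    }
    // Constant-time comparison; .NET Framework has no CryptographicOperations.FixedTimeEquals.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Inside an action on a controller marked with `[ApiKeyAuthorize]`, `User.Identity.Name` gives the name and `((ClaimsPrincipal)User).FindFirst(ClaimTypes.NameIdentifier).Value` the Id, which can then be passed on to other methods as the question's step 3 requires.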
