[英]How to get cookies from HttpActionContext on AuthorizeAttribute custom class?
我正在验证存储在 cookie 上的令牌,所以我创建了一个类
public class VIEWAuthorizeAttribute : AuthorizeAttribute
然后我覆盖了 OnAuthorization 类
public override void OnAuthorization(AuthorizationContext filterContext)
{
var cookie = filterContext.HttpContext.Request.Cookies.Get("Profile"); //This is working
if (cookie != null && IsValidToken(cookie["Token"]))
{
return;
}
HandleUnauthorizedRequest(filterContext);
}
这适用于 MVC 控制器,但当我尝试对 Web api 控制器执行类似操作时,我无法从请求中获取 cookie。
public override void OnAuthorization(HttpActionContext actionContext)
{
var foo = actionContext.Request.Headers.Cookies; //that is not working
if (Authorize(actionContext))
{
return;
}
HandleUnauthorizedRequest(actionContext);
}
actionContext.Request.Headers没有方法Cookies ,我也试过像这个答案一样使用actionContext.Request.Headers.GetCookies("Bar") ,但是 Header 没有那个GetCookies方法。
任何的想法?
string Authentication = string.Empty;
if (actionContext.Request.Headers.Contains("Cookie_Phone"))
{
Authentication = actionContext.Request.Headers.GetValues("Cookie_Phone")?.FirstOrDefault();
}
要使用此扩展方法,需要命名空间System.Net.Http 。
另外,请注意GetCookies(string name)是一种扩展方法,它返回请求中存在的任何 cookie 标头,其中包含名称与指定值匹配的 cookie 状态。 它返回一个包含CookieHeaderValue实例集合的CookieValueCollection 。 因此,您需要额外的枚举来按包含值的名称获取CookieState 。
这是有效的代码:
public async Task AuthenticateAsync(
HttpAuthenticationContext context,
CancellationToken cancellationToken)
{
var request = context.Request;
var token = request.Headers
.GetCookies("token").FirstOrDefault()
?.Cookies.FirstOrDefault(x=>x.Name == "token")
?.Value;
if (string.IsNullOrEmpty(token))
{
context.ErrorResult = new AuthenticationFailureResult(
"The token is missing.",
request);
return;
}
var principal = await SomeAuthentication(token);
if (principal == null)
{
context.ErrorResult = new AuthenticationFailureResult(
"The principal has not been resolved.",
request);
return;
}
context.Principal = principal;
}
如何从Controller到Custom AuthorizeAttribute类获取角色名称?
[英]How to get the name of the role from the Controller to the Custom AuthorizeAttribute class?
如何从自定义AuthorizeAttribute返回带有模型的PartialView
[英]How to return PartialView with model from custom AuthorizeAttribute
如何从自定义AuthorizeAttribute重定向到actionresult
[英]How do you redirect to an actionresult from a custom AuthorizeAttribute
如何从数据库获取用户角色以填充AuthorizeAttribute
[英]How can I get a users role from DB to populate the AuthorizeAttribute
如何在自定义AuthorizeAttribute中允许[Authorize]
[英]How to allow [Authorize] inside a custom AuthorizeAttribute
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.