OnAuthorization后自定义AuthorizeAttribute抛出错误

时间:2018-02-27 15:10:42

标签: c# asp.net-mvc asp.net-core-mvc-2.0

我想做一个自定义AuthorizeAttribute。我想使用IMemoryCache来存储令牌,我正在使用自定义提供程序来注入IMemoryCache实例。我的问题是在OnAuthorization方法之后,它不会被称为我的控制器的操作,它会抛出一个我无法捕获的内部服务器错误。

这是迄今为止的实施

public class ApiAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
    public IMemoryCache Cache { get; set; }

    /// <summary>
    /// Verifica se o token é válido na sessão
    /// </summary>
    /// <param name="httpContext"></param>
    /// <returns></returns>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        //Check we have a valid HttpContext
        if (context.HttpContext == null)
            throw new ArgumentNullException("httpContext");

        string token;

        token = context.HttpContext.Request.QueryString.Value;
        if (String.IsNullOrEmpty(token))
            token = context.HttpContext.Request.Form["token"];

        if (String.IsNullOrEmpty(token))
        {
            context.Result = new UnauthorizedResult();
            return;
        }

        if (Cache == null)
        {
            context.Result = new UnauthorizedResult();
            return;
        }

        if (token.Contains("="))
        {
            token = token.Split('=')[1];
        }

        var tokens = Cache.Get<Dictionary<string, User>>("tokens");
        var result = (from t in tokens where t.Key == token select t.Value).ToList();

        var controller = (string)context.RouteData.Values["controller"];
        var action = (string)context.RouteData.Values["action"];

        if (result.Count < 1)
            context.Result = new UnauthorizedResult();

    }

}



    public class CacheProvider : IApplicationModelProvider
{
    private IMemoryCache _cache;

    public CacheProvider(IMemoryCache cache)
    {
        _cache = cache;
    }
    public int Order { get { return -1000 + 10; } }

    public void OnProvidersExecuted(ApplicationModelProviderContext context)
    {
        foreach (var controllerModel in context.Result.Controllers)
        {
            // pass the depencency to controller attibutes
            controllerModel.Attributes
                .OfType<ApiAuthorizeAttribute>().ToList()
                .ForEach(a => a.Cache = _cache);

            // pass the dependency to action attributes
            controllerModel.Actions.SelectMany(a => a.Attributes)
                .OfType<ApiAuthorizeAttribute>().ToList()
                .ForEach(a => a.Cache = _cache);
        }
    }

    public void OnProvidersExecuting(ApplicationModelProviderContext context)
    {
        // intentionally empty
    }
}

这是控制器

    [ApiAuthorize]
    [HttpPost]
    public JsonResult Delete([FromForm] string inputId)
    {
        //Do stuff
    }

提前感谢

1 个答案:

答案 0 :(得分:0)

经过一番挖掘,我发现这样做,我不知道这是否是实现这一目标的最佳途径

我创建了一项政策要求

public class TokenRequirement :  IAuthorizationRequirement
{

}

AuthorizationHandler

    public class TokenRequirementHandler : AuthorizationHandler<TokenRequirement>
{
    public IMemoryCache Cache { get; set; }

    public TokenRequirementHandler(IMemoryCache memoryCache)
    {
        Cache = memoryCache;
    }

    protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TokenRequirement requirement)
    {
        return Task.Run(() => { //access the cache and then
        context.Succeed(requirement); });
    }
}

在我的Startup上,我注册了处理程序并添加了授权

        services.AddAuthorization(options =>
        {
            options.AddPolicy("Token",
                policy => policy.Requirements.Add(new Authorize.TokenRequirement()));
        });


        services.AddSingleton<IAuthorizationHandler, Authorize.TokenRequirementHandler>();

在控制器中,我使用了Authorize属性

    [Authorize(Policy = "Token")]
    [HttpPost]
    public JsonResult Delete([FromForm] string inputId)
    {
       //Do stuff
    }

现在它有效。 谢谢。