使用自定义属性检查用户访问权

时间:2013-07-24 21:24:43

标签: c# wcf

在会话中拥有用户信息,如何检查会话并允许根据提供的值之一访问使用自定义属性修饰的方法。

所以我要做的是:

public class UserAccess: System.Attribute
{
    private string userRole;   

    public UserAccess(string userRole)
    {
        this.userRole = userRole;

    }
}

然后当我装饰这样的端点时:

[UserAccess(userRole = "Residents")]
public Response Get(Request r){
    ///-- Implementation
}

以某种方式调用端点时,只有userRole = "Residents"可以基于会话值检查实际执行它。此外,可以在自定义属性实现中完成此验证吗?

3 个答案:

答案 0 :(得分:18)

所以其他人都是对的,这些属性本身没有任何作用。在服务调用的生命周期中,您必须特意获取元数据。

这样做的最佳方式是自动神奇地完成并且并非总是直接在每个操作中添加检查器和服务行为。最初进行设置需要做的工作要多得多,但它可以从您的直接操作代码中获取,并且可以应用于检查该自定义属性的任何操作。

基本上你有这样的属性:

namespace MyCustomExtensionService
{
    public class UserAccessAttribute : System.Attribute
    {
        private string _userRole;

        public UserAccessAttribute(string userRole)
        {
            _userRole = userRole;

            //you could also put your role validation code in here

        }

        public string GetUserRole()
        {
            return _userRole;
        }
    }
}

然后设置参数检查器(注意您可以使用其他检查器):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Web;

namespace MyCustomExtensionService
{
    public class MyParameterInspector : IParameterInspector
    {

        public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState)
        {
            //throw new NotImplementedException();
        }

        public object BeforeCall(string operationName, object[] inputs)
        {
            MethodInfo method = typeof(Service1).GetMethod(operationName);
            Attribute[] attributes = Attribute.GetCustomAttributes(method, typeof(UserAccessAttribute), true);

            var attr = (UserAccessAttribute)attributes.First();

            if (attributes.Any())
            {
                var userHasProperAuthorization = true;
                if (attr.GetUserRole() == "Residents" && userHasProperAuthorization)
                {
                    //everything is good, continue to operation
                }
                else
                {
                    throw new FaultException("You do not have the right security role!");
                }
            }



            return null;

        }
    }
}

然后设置端点行为(您可以使用其他行为):

using System;
using System.Collections.Generic;
using System.Linq;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Web;

namespace MyCustomExtensionService
{
    public class MyCustomAttributeBehavior : IEndpointBehavior
    {
        public void AddBindingParameters(ServiceEndpoint endpoint, System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
        {
            //throw new NotImplementedException();
        }

        public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
        {
            foreach (ClientOperation clientOperation in clientRuntime.Operations)
            {
                clientOperation.ParameterInspectors.Add(
                    new MyParameterInspector());
            }
        }

        public void ApplyDispatchBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
        {
            foreach (DispatchOperation dispatchOperation in endpointDispatcher.DispatchRuntime.Operations)
            {

                dispatchOperation.ParameterInspectors.Add(
                    new MyParameterInspector());
            }
        }

        public void Validate(ServiceEndpoint endpoint)
        {
            //throw new NotImplementedException();
        }
    }
}

然后您创建行为部分:

using System.Linq;
using System.ServiceModel.Configuration;
using System.Web;

namespace MyCustomExtensionService
{
    public class MyBehaviorSection : BehaviorExtensionElement
    {

        protected override object CreateBehavior()
        {
            return new MyCustomAttributeBehavior();

        }

        public override Type BehaviorType
        {

            get { return typeof(MyCustomAttributeBehavior); }


        }
    }
}

然后设置配置以使用新行为:

<system.serviceModel>
    <services>
      <service name ="MyCustomExtensionService.Service1">
        <endpoint address="" behaviorConfiguration="MyCustomAttributeBehavior"
          binding="basicHttpBinding" contract="MyCustomExtensionService.IService1">
        </endpoint>
      </service>
    </services>
    <extensions>
      <behaviorExtensions>
        <add name="Validator" type="MyCustomExtensionService.MyBehaviorSection, MyCustomExtensionService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      </behaviorExtensions>
    </extensions>
    <behaviors>
      <endpointBehaviors>
        <behavior name="MyCustomAttributeBehavior">
          <Validator />
        </behavior>
      </endpointBehaviors>

这里是服务接口 - 有一个操作可以使用,另一个因用户访问错误而失败

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;

namespace MyCustomExtensionService
{

    [ServiceContract]
    public interface IService1
    {

        [OperationContract]
        string GetData(int value);

        [OperationContract]
        string GetDataUsingWrongUserAccess(int value);

    }



}

服务运营:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;

namespace MyCustomExtensionService
{

    public class Service1 : IService1
    {
        [UserAccess("Residents")]
        public string GetData(int value)
        {
            return string.Format("You entered: {0}", value);
        }

        [UserAccess("Admin")]
        public string GetDataUsingWrongUserAccess(int value)
        {
            return string.Format("You entered: {0}", value);
        }
    }
}

有关详细信息,请参阅MSDN http://msdn.microsoft.com/en-us/library/ms730137.aspx

也适用于检查员:http://cgeers.com/2008/11/09/wcf-extensibility-parameter-inspectors/

答案 1 :(得分:1)

属性仅仅是标志,描述,附加信息等元数据。您需要自己处理这些信息。您可以在方法本身中执行此操作,也可以使用反射来处理它。

    // Using reflection.
    MethodInfo method = typeof(ClassName).GetMethod("Get");
    Attribute[] attributes = Attribute.GetCustomAttributes(method, typeof(UserAccess), true);


    // Displaying output. 
    foreach (var attr in attributes)
    {
        if (attr is UserAccess)
        {
            var ua = (UserAccess)attr;
            System.Console.WriteLine("{0}",a.userRole);
        }
    }

*我还建议将属性一词后缀为您的UserAccess类作为约定。例如, UserAccessAttribute

答案 2 :(得分:0)

不,你不能这样做(不是单独使用),属性只不过是编译到你的代码中的元数据,他们自己什么都不做。在使用某些属性元数据修饰方法或类之后,您可以使用反射(如GetCustomAttributes(typeof(UserAccess)))来检索元数据并对其进行操作,SO answer很好地说明了这一点

你可以做的是,在你做任何你可以调用这个方法的事情之前,创建一个自定义方法,使用反射来检索元数据并为你做评估,然后在public Response Get(Request r)内,但这不是正是你要求的那种自动评估