我正在使用Windows身份验证背后的ASP.Net Web API并使用[Authorize]属性来指定用户可以访问的控制器和函数。这非常有效。问题是我希望帮助区域仅反映用户被授予访问权限的内容。好奇,如果有人以某种方式实现了这一点。这是在控制器,App Start还是帮助控制器的级别完成的。
提前致谢...
我的某个控制器的代码片段
[Authorize]
public class TaktTimeController : ApiController
{
private BIDataContainer db = new BIDataContainer();
// GET api/TaktTime
[Authorize(Roles="Admins")]
public IQueryable<TaktTime> GetTaktTimes()
{
return db.TaktTimes;
}
// GET api/TaktTime/5
[ResponseType(typeof(TaktTime))]
[Authorize(Roles = "Admins")]
public IHttpActionResult GetTaktTime(string id)
{
TaktTime takttime = db.TaktTimes.Find(id);
if (takttime == null)
{
return NotFound();
}
return Ok(takttime);
}
答案 0 :(得分:1)
这可以通过razor视图实现,如下所示,你需要的东西。
@if (User.IsInRole("admin"))
{
<div>
<!--Text for admin here-->
</div>
}
@if (User.IsInRole("user"))
{
<div>
<!--Text for user here-->
</div>
}
可以在WebApi控制器中使用相同的逻辑
public string Get()
{
if(User.IsInRole("admin"))
{
return "Text for admin";
}
if(User.IsInRole("user"))
{
return "Text for user";
}
}
答案 1 :(得分:1)
您需要修改HelpController.cs并添加以下方法:
using System.Collections.ObjectModel;
private Collection<ApiDescription> FilteredDescriptions()
{
var desctiptionsToShow = new Collection<ApiDescription>();
foreach (var apiDescription in Configuration.Services.GetApiExplorer().ApiDescriptions)
{
var actionDescriptor = apiDescription.ActionDescriptor as ReflectedHttpActionDescriptor;
var authAttribute = actionDescriptor?.MethodInfo.CustomAttributes.FirstOrDefault(x => x.AttributeType.Name == nameof(System.Web.Http.AuthorizeAttribute));
var roleArgument = authAttribute?.NamedArguments?.FirstOrDefault(x => x.MemberName == nameof(System.Web.Http.AuthorizeAttribute.Roles));
var roles = roleArgument?.TypedValue.Value as string;
if (roles?.Split(',').Any(role => User.IsInRole(role.Trim())) ?? false)
{
desctiptionsToShow.Add(apiDescription);
}
}
return desctiptionsToShow;
}
并从Index()操作中调用它:
return View(FilteredDescriptions());
答案 2 :(得分:0)
在 Stanislav 方法的基础上,我添加了对 AllowAnonymous、基于用户名的授权、控制器属性和全局授权过滤器的支持。
public ActionResult Index()
{
ViewBag.DocumentationProvider = Configuration.Services.GetDocumentationProvider();
//return View(Configuration.Services.GetApiExplorer().ApiDescriptions);
return View(FilteredDescriptions());
}
private Collection<ApiDescription> FilteredDescriptions()
{
var list = Configuration.Services.GetApiExplorer().ApiDescriptions
.Where(apiDescription =>
{
// action attributes
if (apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0)
{
return true;
}
var actionAuthorizeAttributes = apiDescription.ActionDescriptor.GetCustomAttributes<AuthorizeAttribute>();
if (actionAuthorizeAttributes.Count != 0)
{
return actionAuthorizeAttributes.All(IsUserAuthorized);
}
// controller attributes
if (apiDescription.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count != 0)
{
return true;
}
var controllerAuthorizeAttributes = apiDescription.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AuthorizeAttribute>();
if (controllerAuthorizeAttributes.Count != 0)
{
return controllerAuthorizeAttributes.All(IsUserAuthorized);
}
// global attributes
if (apiDescription.ActionDescriptor.Configuration.Filters.OfType<AllowAnonymousAttribute>().Any())
{
return true;
}
var globalAuthorizeAttributes = apiDescription.ActionDescriptor.Configuration.Filters.OfType<AuthorizeAttribute>().ToList();
if (globalAuthorizeAttributes.Count != 0)
{
return globalAuthorizeAttributes.All(IsUserAuthorized);
}
return true;
})
.ToList();
return new Collection<ApiDescription>(list);
}
private bool IsUserAuthorized(AuthorizeAttribute authorizeAttribute)
{
return User.Identity.IsAuthenticated
&& (authorizeAttribute.Roles == "" || authorizeAttribute.Roles.Split(',').Any(role => User.IsInRole(role.Trim())))
&& (authorizeAttribute.Users == "" || authorizeAttribute.Users.Split(',').Any(user => User.Identity.Name == user));
}