查看自定义 AuthorizeAttribute,我已经知道检查授权的正确方法是IsAuthorized方法:
例如:
protected override bool IsAuthorized(HttpActionContext actionContext)
{
bool isAuthroized = base.IsAuthorized(actionContext);
return isAuthroized && MY_OTHER_CONDITIONs; //!
}
就像我说的那样我已经知道了。
但是,我们已经决定覆盖OnAuthorization:
Here is an example code from an existing library:
public class CustomerOrdersAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
base.OnAuthorization(actionContext);
// If not authorized at all, don't bother checking for the
// customer - order relation
if (actionContext.Response == null)
{
//Get customer key
int customerKey = GetCustomerKey(actionContext.Request.GetRouteData());
//Check customer-order relation
if (!customer.Name.Equals(Thread.CurrentPrincipal.Identity.Name))
{
actionContext.Response = request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
}
}
问题:
查看作者的代码:if (actionContext.Response == null) {...}及其评论:" 如果未经授权"
- 这是正确方式,用于检查OnAuthorization方法中是否未发生异常?检查Response == null ?(表示:base.OnAuthorization 没有例外输出)?
(对我来说似乎很奇怪,因为可能会发生异常并仍然响应为null .....或者我错了吗?另外 - 我要做的最后一件事就是开始研究标题代码以查找错误...)
NB
我的问题是针对WebApi1而不是2.x
