我使用HttpParameterBinding不仅为webAPI操作的参数赋值,而且还使用它来检查权限。
public override Task ExecuteBindingAsync(ModelMetadataProvider metadataProvider, HttpActionContext actionContext, CancellationToken cancellationToken)
{
//I get the userId from another parameter that is set from another parameter binding
int userId = Convert.ToInt32(actionContext.ActionArguments["userId"]);
var permission = getPermissions(userId);
if (permission < minRight)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
Content = new StringContent("Permission Denied.")
};
}
actionContext.ActionArguments[Descriptor.ParameterName] = permission;
var taskSource = new TaskCompletionSource<object>();
taskSource.SetResult(null);
return taskSource.Task;
}
然而,这继续执行。有没有办法,最好不要抛出异常,在这里返回401响应而不是继续执行。