我在下面为我的WebAPI 2应用创建了一个自定义AuthorizationFilterAttribute:
public class ApiKeyRequiredAttribute : AuthorizationFilterAttribute
{
private string key;
public ApiKeyRequiredAttribute(string key) : base()
{
this.key = key;
}
public override Task OnAuthorizationAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
IEnumerable<string> headers = new List<string>();
actionContext.Request.Headers.TryGetValues("x-apikey", out headers);
if (!headers.Any() || headers.Single() != this.key)
{
throw new SecurityException("Invalid API key provided");
}
return base.OnAuthorizationAsync(actionContext, cancellationToken);
}
}
它做了它应该做的事情:具有正确标题的用户看到结果,其他人得到例外。但是 - 如何返回HTTP Error 401 Unauthorized?
一旦我不抛出异常 - 正常的执行流程就会继续。当然,我不必实现全局异常处理程序,对吗?
答案 0 :(得分:0)
如果不对此进行测试,您可以从当前请求创建ErrorResponse,如下所示: -
<feature name="Whitelist">
<param name="android-package" value="org.apache.cordova.whitelist.WhitelistPlugin" />
<param name="onload" value="true" />
</feature>