我有一个简单的asp.net mvc身份验证的以下代码
[ExcludeFromCodeCoverage]
public partial class Startup
{
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
});
}
}
global.asax app start
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
//Ejecuta la inicializacion de la base de datos
Database.SetInitializer<ComisionesContext>(new ComisionesInitializer());
GlobalConfiguration.Configuration.Formatters.XmlFormatter.SupportedMediaTypes.Clear();
UnityConfig.RegisterComponents();
AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.Name;
}
unityconfig
[ExcludeFromCodeCoverage]
public static class UnityConfig
{
public static void RegisterComponents()
{
var container = new UnityContainer();
// register all your components with the container here
// it is NOT necessary to register your controllers
// e.g. container.RegisterType<ITestService, TestService>();
container.RegisterType<IAuthenticationManager>(new InjectionFactory(o => HttpContext.Current.GetOwinContext().Authentication));
container.RegisterType<IAccount, Account>();
DependencyResolver.SetResolver(new UnityDependencyResolver(container));
}
}
然后,我们的视图应该受到匿名用户的保护。
@model List<xx.Models.TipoDeCanal>
@using PowerData.Comisiones.Models
@{
ViewBag.Title = "Tipos de Canal";
}
<h2>Tipos de Canal</h2>
@(Html.Kendo().Grid<TipoDeCanal>()
.Name("Grid")
.Columns(columns =>
{
columns.Bound(p => p.Nombre).Title("Nombre");
columns.Bound(p => p.Descripcion).Title("Descripcion");
columns.Command(command => { command.Edit(); command.Destroy(); });
})
.ToolBar(toolbar => toolbar.Create())
.Editable(editable => editable.Mode(GridEditMode.PopUp))
.Pageable()
.Sortable()
.Scrollable(scr => scr.Height(430))
.Filterable()
.DataSource(dataSource => dataSource
.WebApi()
//.Ajax()
//.ServerOperation(false)
.PageSize(20)
.Events(events => events.Error("error_handler"))
.Model(model =>
{
model.Id(p => p.ID);
model.Field(p => p.ID).Editable(false);
})
.Create(create => create.Url(Url.HttpRouteUrl("DefaultApi", new { controller = "TipoDeCanales" }))) // Action invoked when the user saves a new data item
.Read(read => read.Url(Url.HttpRouteUrl("DefaultApi", new { controller = "TipoDeCanales" }))) // Action invoked when the grid needs data
.Update(update => update.Url(Url.HttpRouteUrl("DefaultApi", new { controller = "TipoDeCanales", id = "{0}" }))) // Action invoked when the user saves an updated data item
.Destroy(destroy => destroy.Url(Url.HttpRouteUrl("DefaultApi", new { controller = "TipoDeCanales", id = "{0}" }))) // Action invoked when the user removes a data item
//.Create(update => update.Action("Create", "TipoDeCanales"))
//.Read(read => read.Action("Read", "TipoDeCanales"))
//.Update(update => update.Action("Edit", "TipoDeCanales"))
//.Destroy(update => update.Action("Delete", "TipoDeCanales"))
)
)
<script type="text/javascript">
function error_handler(e) {
if (e.errors) {
var message = "Errors:\n";
$.each(e.errors, function (key, value) {
if ('errors' in value) {
$.each(value.errors, function () {
message += this + "\n";
});
}
});
toastr.error(message)
//alert(message);
}
}
</script>
主控制器具有authorize属性\
[Authorize]
public class TipoDeCanalesController : GenericController
{
public System.Web.Mvc.ActionResult Index()
{
ViewBag.Message = "Welcome to ASP.NET MVC!";
return View();
}
}
并且api控制器也具有authorize属性
[System.Web.Mvc.Authorize]
public class TipoDeCanalesController : GenericApiController
{
private UnitOfWork unitOfWork = new UnitOfWork();
// GET api/TipoDeCanal/5
public TipoDeCanal GetTipoDeCanal(int id)
{
TipoDeCanal tipoDeCanal = unitOfWork.TipoDeCanalRepository.GetByID(id);
if (tipoDeCanal == null)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
}
return tipoDeCanal;
}
// GET api/TiposDeCanal
public DataSourceResult GetTiposDeCanal([System.Web.Http.ModelBinding.ModelBinder(typeof(WebApiDataSourceRequestModelBinder))]DataSourceRequest request)
{
TipoDeCanal[] tiposDeCanal = unitOfWork.TipoDeCanalRepository.Get().ToArray();
DataSourceResult result = tiposDeCanal.ToDataSourceResult(request);
return result;
}
// PUT api/TipoDeCanal/ edit
public HttpResponseMessage PutTipoDeCanal(int id, TipoDeCanal tipoDeCanal)
{
if (!ModelState.IsValid)
{
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
}
if (id != tipoDeCanal.ID)
{
return Request.CreateResponse(HttpStatusCode.BadRequest);
}
try
{
unitOfWork.TipoDeCanalRepository.Update(tipoDeCanal);
unitOfWork.Save();
}
catch (DbUpdateConcurrencyException ex)
{
return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
}
return Request.CreateResponse(HttpStatusCode.OK);
}
// POST api/TiposDeCanal add
public HttpResponseMessage PostTipoDeCanal(TipoDeCanal tipoDeCanal)
{
if (ModelState.IsValid)
{
unitOfWork.TipoDeCanalRepository.Insert(tipoDeCanal);
unitOfWork.Save();
DataSourceResult result = new DataSourceResult
{
Data = new[] { tipoDeCanal },
Total = 1
};
HttpResponseMessage response = Request.CreateResponse(HttpStatusCode.Created, result);
response.Headers.Location = new Uri(Url.Link("DefaultApi", new {Controller="TipoDeCanalesController", id = tipoDeCanal.ID}));
return response;
}
else
{
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
}
}
// DELETE api/TipoDeCanal/5
public HttpResponseMessage DeleteTipoDeCanal(int id)
{
TipoDeCanal tipoDeCanal= unitOfWork.TipoDeCanalRepository.GetByID(id);
if (tipoDeCanal == null)
{
return Request.CreateResponse(HttpStatusCode.NotFound);
}
unitOfWork.TipoDeCanalRepository.Delete(tipoDeCanal.ID);
try
{
unitOfWork.Save();
}
catch (DbUpdateConcurrencyException ex)
{
return Request.CreateErrorResponse(HttpStatusCode.NotFound, ex);
}
return Request.CreateResponse(HttpStatusCode.OK, tipoDeCanal);
}
protected override void Dispose(bool disposing)
{
unitOfWork.Dispose();
base.Dispose(disposing);
}
}
但是,作为匿名用户,我去htttp:// localhost / TiposDeCanales
执行该控制器的Index操作,用户仍然可以看到页面内容和数据库中的记录。