asp.net MVC自定义过滤器[RESTAuthorize]被忽略

时间:2016-05-22 07:27:56

标签: c# asp.net-web-api asp.net-web-api2 asp.net-mvc-custom-filter

[RESTAuthorize] 被忽略:请求没有经过 RESTAuthorize 过滤器的检查,而是直接进入了获取所有国家的代码。

以下是 RESTAuthorize 过滤器的代码:
using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.Mvc; 
using MyWebsite.Repository;

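namespace MyWebsite.API.Attributes
{
    /// <summary>
    /// Token-based authorization filter for the ASP.NET MVC pipeline. Reads a token
    /// from the request, resolves the caller's IP through <see cref="ISecurityRepository"/>
    /// and lets the repository decide whether the (token, ip, user agent) triple is valid.
    /// </summary>
    /// <remarks>
    /// This type derives from <c>System.Web.Mvc.AuthorizeAttribute</c> and receives an MVC
    /// <see cref="AuthorizationContext"/>, so only the MVC pipeline executes it. ASP.NET
    /// Web API (<c>ApiController</c> actions) has a separate filter pipeline and silently
    /// ignores MVC filters: decorating a Web API action with this attribute leaves that
    /// action effectively anonymous. A Web API filter must derive from
    /// <c>System.Web.Http.AuthorizeAttribute</c> instead.
    ///
    /// Rejections are left to the base <c>HandleUnauthorizedRequest</c>, which returns an
    /// HTTP 401 result; note that if Forms authentication is enabled ASP.NET may turn that
    /// 401 into a 302 redirect to the login page, which REST clients do not expect.
    /// </remarks>
    public class RESTAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>Name of the request parameter that carries the security token.</summary>
        private const string _securityToken = "token";

        private readonly ISecurityRepository _repository;

        /// <summary>
        /// Creates the filter with the default <see cref="SecurityRepository"/>. Attributes
        /// are instantiated by the framework, so this is the constructor used at runtime.
        /// </summary>
        public RESTAuthorizeAttribute()
            : this(new SecurityRepository())
        {
        }

        /// <summary>
        /// Creates the filter with an explicit repository (tests / manual wiring).
        /// </summary>
        /// <param name="repository">Validator for token, IP and user agent; must not be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="repository"/> is null.</exception>
        public RESTAuthorizeAttribute(ISecurityRepository repository)
        {
            if (repository == null)
            {
                throw new ArgumentNullException("repository");
            }

            _repository = repository;
        }

        /// <summary>
        /// Replaces the base authorization entirely: the token check alone decides.
        /// Because <c>base.OnAuthorization</c> is never called, the base class's users/roles
        /// handling and its <c>[AllowAnonymous]</c> short-circuit are not consulted.
        /// </summary>
        /// <param name="filterContext">MVC authorization context of the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            if (Authorize(filterContext))
            {
                return;
            }

            HandleUnauthorizedRequest(filterContext);
        }

        /// <summary>
        /// Performs the token check. Fails closed: a missing/empty token or any exception
        /// (request context unavailable, repository failure) yields <c>false</c>.
        /// </summary>
        /// <param name="actionContext">MVC authorization context of the current request.</param>
        /// <returns><c>true</c> when the repository accepts the token for this IP and user agent.</returns>
        private bool Authorize(AuthorizationContext actionContext)
        {
            try
            {
                HttpRequestBase request = actionContext.RequestContext.HttpContext.Request;

                // NOTE(review): Request.Params is the merged QueryString + Form + Cookies +
                // ServerVariables collection, so the token is accepted from any of them.
                // A token in the query string ends up in server/proxy logs and Referer
                // headers; a token in a cookie is attached automatically by the browser
                // (CSRF exposure). Prefer a dedicated header (e.g. Authorization) if the
                // client contract allows changing it.
                string token = request.Params[_securityToken];
                if (string.IsNullOrEmpty(token))
                {
                    // No credential presented: reject without a repository round-trip.
                    return false;
                }

                string ip = _repository.GetIP(request);

                return _repository.IsTokenValid(token, ip, request.UserAgent);
            }
            catch (Exception)
            {
                // Fail closed. This also makes repository outages look like 401s to the
                // caller; log here if that distinction matters operationally.
                return false;
            }
        }
    }
}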

这是获取所有国家/地区的代码,RESTAuthorize 在这里被忽略。补充说明:该方法抛出 HttpResponseException 并使用 HttpStatusCode,看起来是一个 Web API(ApiController)的 action;而上面的过滤器继承自 System.Web.Mvc.AuthorizeAttribute。Web API 有自己独立的过滤器管道,不会执行 MVC 过滤器,所以该特性被静默跳过,这个端点实际上无需令牌即可访问。Web API 的授权过滤器必须继承 System.Web.Http.AuthorizeAttribute。

/// <summary>
/// Returns every country/region from the repository as a materialized list.
/// </summary>
/// <returns>All countries known to the repository.</returns>
/// <exception cref="HttpResponseException">
/// 401 when the repository raises <see cref="UnauthorizedAccessException"/>;
/// 500 for any other failure (the original exception is not surfaced).
/// </exception>
/// <remarks>
/// NOTE(review): this appears to be a Web API action (it throws HttpResponseException
/// with an HttpStatusCode), but the [RESTAuthorize] attribute defined above derives from
/// System.Web.Mvc.AuthorizeAttribute. Web API does not run MVC filters, so the attribute
/// is silently skipped and this endpoint is reachable without a token. A Web API filter
/// must derive from System.Web.Http.AuthorizeAttribute (or implement
/// System.Web.Http.Filters.IAuthorizationFilter).
/// </remarks>
[RESTAuthorize]
[HttpGet]
public IEnumerable<dtoCountry> GetAllCountry()
{
    try
    {
        var countries = _repository.GetAllCountry();
        return countries.ToList();
    }
    catch (UnauthorizedAccessException)
    {
        // Repository signalled a permission problem: map it to HTTP 401.
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }
    catch (Exception)
    {
        // Anything else becomes a generic HTTP 500 without details.
        throw new HttpResponseException(HttpStatusCode.InternalServerError);
    }
}

1 个答案:

答案 0 :(得分:0)

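 /// <summary>
/// Token-based authorization filter for the ASP.NET Web API pipeline. Unlike a filter
/// derived from <c>System.Web.Mvc.AuthorizeAttribute</c>, which ApiController actions
/// silently ignore, this type derives from <c>System.Web.Http.AuthorizeAttribute</c> and
/// is therefore actually executed for Web API actions.
/// </summary>
/// <remarks>
/// <c>OnAuthorization</c> is overridden wholesale, so the base class's
/// <c>[AllowAnonymous]</c> short-circuit and its users/roles check in <c>IsAuthorized</c>
/// are not consulted: every decorated action requires a valid token. Rejections go through
/// the inherited <c>HandleUnauthorizedRequest</c>, which in the stock implementation
/// answers HTTP 401 (the previous pass-through override, which did not compile because of
/// a missing space in its parameter declaration, has been dropped).
/// </remarks>
public class Authorizetest : System.Web.Http.AuthorizeAttribute
{
    /// <summary>Name of the request parameter that carries the security token.</summary>
    private const string _securityToken = "token";

    /// <summary>
    /// Runs the token check and short-circuits the request with the base class's
    /// unauthorized response when it fails.
    /// </summary>
    /// <param name="actionContext">Web API action context of the current request.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (Authorize(actionContext))
        {
            return;
        }

        HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Validates the token carried by the current request against its source IP and
    /// user agent. Fails closed: a missing HttpContext, a missing/empty token or any
    /// exception yields <c>false</c>.
    /// </summary>
    /// <param name="actionContext">Web API action context of the current request.</param>
    /// <returns><c>true</c> when the validator accepts the token for this IP and user agent.</returns>
    private bool Authorize(HttpActionContext actionContext)
    {
        try
        {
            // HttpContext.Current is only populated when Web API is hosted on System.Web
            // (IIS); under OWIN self-host it is null. Reject explicitly rather than relying
            // on HttpContextWrapper throwing into the catch block below.
            HttpContext current = HttpContext.Current;
            if (current == null)
            {
                return false;
            }

            HttpRequestBase request = new HttpContextWrapper(current).Request;

            // NOTE(review): Request.Params is the merged QueryString + Form + Cookies +
            // ServerVariables collection, so the token is accepted from any of them.
            // Query-string tokens leak into logs and Referer headers; cookie tokens are
            // attached automatically by the browser (CSRF exposure). Prefer a dedicated
            // header (e.g. Authorization) if the client contract allows changing it.
            string token = request.Params[_securityToken];
            if (string.IsNullOrEmpty(token))
            {
                // No credential presented: reject without calling the validator.
                return false;
            }

            string ip = CommonManager.GetIP(request);
            return ValidatingTokens.IsTokenValid(token, ip, request.UserAgent);
        }
        catch (Exception)
        {
            // Fail closed. Validator failures are indistinguishable from bad tokens for
            // the caller; log here if that distinction matters operationally.
            return false;
        }
    }
}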