Web API中的自定义授权属性

时间:2017-04-04 08:04:11

标签: asp.net-mvc api web authorize-attribute

我想在 Web API 控制器中创建自定义授权,用来检查用户的角色以及该用户是否处于活动状态。到目前为止我的代码如下,但我不知道在这段代码中应该覆盖什么、以及如何覆盖。谢谢!感谢您的帮助 :D

using Avanza.Conference.Persistence;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace Avanza.Conference.Core.Extensions
{
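    /// <summary>
    /// Web API authorization filter that keeps the built-in authentication / <see cref="AuthorizeAttribute.Roles"/>
    /// / <see cref="AuthorizeAttribute.Users"/> checks and adds an "is this account still active" check on top.
    /// </summary>
    /// <remarks>
    /// Web API caches filter attribute instances, so an attribute must not hold per-request state: the
    /// <c>ApplicationDbContext</c> field the previous version had was shared by every request that reached the
    /// action and was never disposed. A context is now created and disposed inside the check itself.
    /// </remarks>
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>
        /// Pipeline entry point. The base implementation already honours <c>[AllowAnonymous]</c>, calls
        /// <see cref="IsAuthorized"/> and, on failure, <see cref="HandleUnauthorizedRequest"/>; the previous
        /// override never called the base, which silently skipped all of that. The base is delegated to as-is.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);
        }

        /// <summary>
        /// The actual decision: the built-in checks first (authenticated principal, Roles, Users), then the
        /// project-specific active-user check. Fails closed on any rejection.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked.</param>
        /// <returns><c>true</c> when the request may proceed.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (!base.IsAuthorized(actionContext))
            {
                return false;
            }

            return AuthorizeRequest(actionContext);
        }

        /// <summary>
        /// Builds the rejection. A caller that is not authenticated at all gets 401 plus a challenge; a caller
        /// that is authenticated but failed the role / active check gets 403, because asking it to authenticate
        /// again would not help.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked.</param>
        /// <exception cref="HttpResponseException">Always; carries the 401 or 403 response.</exception>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            var principal = actionContext.RequestContext.Principal;
            var isAuthenticated = principal != null
                && principal.Identity != null
                && principal.Identity.IsAuthenticated;

            if (isAuthenticated)
            {
                throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.Forbidden));
            }

            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            // NOTE(review): the challenge scheme must match what the API actually uses; "Basic" is kept
            // from the original and should be confirmed against the configured authentication.
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);
        }

        /// <summary>
        /// Project-specific part of the decision. The base checks have already passed when this runs, so the
        /// principal is authenticated and in the configured roles; what remains is whether the account is
        /// still active in the application's own store.
        /// </summary>
        /// <param name="actionContext">Context of the action being invoked.</param>
        /// <returns><c>true</c> only when the active-user check passes.</returns>
        private bool AuthorizeRequest(HttpActionContext actionContext)
        {
            var identity = actionContext.RequestContext.Principal.Identity;

            // One context per check, disposed when done, instead of one context shared by every request.
            // ApplicationDbContext is assumed to be an EF DbContext (IDisposable) — confirm.
            using (var context = new ApplicationDbContext())
            {
                return IsUserActive(context, identity.Name);
            }
        }

        /// <summary>
        /// Looks up whether the named account is active. The schema of <c>ApplicationDbContext</c> is not
        /// visible here, so this is the one place that still needs the real query; until it is written the
        /// filter fails closed rather than granting every request, as the previous placeholder did.
        /// </summary>
        /// <param name="context">Per-request data context; disposed by the caller.</param>
        /// <param name="userName">Name taken from the authenticated identity.</param>
        /// <returns><c>true</c> only when the account exists and is active.</returns>
        protected virtual bool IsUserActive(ApplicationDbContext context, string userName)
        {
            // TODO(project): replace with the real lookup (find the user row by userName and return its
            // active flag). Returning false here is deliberate: an unimplemented check must deny, not allow.
            return false;
        }
    }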
}

1 个答案:

答案 0 :(得分:1)

以下是您需要的示例:它先检查请求是否包含 authenticationtoken,只有包含时才允许执行该请求。您也可以在此处检查会话,以判断用户是否已登录。

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    public override void OnAuthorization({
           System.Web.Http.Controllers.HttpActionContext actionContext)
    private readonly string Resource {get; set; }base.OnAuthorization(actionContext);
        if (actionContext.Request.Headers.GetValues("authenticationToken") != null)
            string authenticationToken =public Convert.ToStringCustomAuthorize(
           string resource, string actionContext.Request.Headers.GetValues("authenticationToken").FirstOrDefault()action);
            //authenticationTokenPersistant{
            // it is saved in someResource data= storeresource;
            // i will compare the authenticationToken sent byAction client= withaction;
            // authenticationToken persist in database against specific user, and act accordingly}
          public override ifvoid OnAuthorization(authenticationTokenPersistant != authenticationToken)
            {
                HttpContextSystem.CurrentWeb.ResponseHttp.AddHeader("authenticationToken",Controllers.HttpActionContext authenticationTokenactionContext);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");{
                actionContext.Response = actionContext.Requestbase.CreateResponseOnAuthorization(HttpStatusCode.ForbiddenactionContext);
                return;
            }

 //Check your post authorization logic using Resource HttpContext.Current.Response.AddHeader("authenticationToken",and authenticationToken);Action
        HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
   //Your logic here to return return;
authorize or unauthorized response }
    actionContext.Response = 
      actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);}
    actionContext.Response.ReasonPhrase = "Please provide valid inputs";
}