我正在IParameterInspector验证我的WCF服务操作,如:
class MyParameterInspector : IParameterInspector
{
public object BeforeCall(string operationName, object[] inputs)
{
Token token = CarrierHelper.ReadMessageHeader<Token>();
//Here change the operation entered parameters or something else
}
}
我想阅读在Beforecall中制作或操作的参数或值,如:
public string MyOperation()
{
//Here I want to read that parameter which manipulate or make in BeforeCall
}
实施这种方法是否有好方法或解决方法?
更多解释:
通过IParameterInspector我们可以为每个操作定义一个atrrib来检查用户访问权限,因此我通过IOperationBehavior和IParameterInspector实现了此操作,因此在BeforeCall用户可以检索并检查attrib作为操作权限(操作授权)静态作为枚举,但假设每个操作应该知道如何在资源上运行(资源安全性,行级安全性)资源是动态的我不能将它们定义为静态或硬编码,如权限应该从每个用户的DB读取,我认为也可以实现这一点,但我真的不知道如何?
public class RemedyBehaviorAttribute : Attribute, IOperationBehavior
{
public PrimitiveActivity[] PermissionsToCheck { get; set; }
public RemedyBehaviorAttribute(params PrimitiveActivity[] pi)
{
PermissionsToCheck = pi;
}
public void AddBindingParameters(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase, Collection<ServiceEndpoint> endpoints, BindingParameterCollection bindingParameters)
{
}
public void Validate(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) { }
public void AddBindingParameters(OperationDescription operationDescription,
BindingParameterCollection bindingParameters)
{
}
public void ApplyClientBehavior(OperationDescription operationDescription,
ClientOperation clientOperation)
{
RemedyParameterInspector paramInspector = new RemedyParameterInspector
{
Permissions = PermissionsToCheck
};
clientOperation.ParameterInspectors.Add(paramInspector);
}
public void ApplyDispatchBehavior(OperationDescription operationDescription,
DispatchOperation dispatchOperation)
{
RemedyParameterInspector paramInspector = new RemedyParameterInspector
{
Permissions = PermissionsToCheck
};
dispatchOperation.ParameterInspectors.Add(paramInspector);
}
public void Validate(OperationDescription operationDescription)
{
}
}
class RemedyParameterInspector : IParameterInspector
{
public PrimitiveActivity[] Permissions { get; set; }
public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState)
{
}
public object BeforeCall(string operationName, object[] inputs)
{
Token token = CarrierHelper.ReadMessageHeader<Token>();
bool hasAccess = Permissions.Any(x => token.HasAccess(x));
if (!hasAccess)
throw new Exception(string.Format("Response to end user get failed, User:{0} have not access to operation:{1}...", token.UserGUID, operationName));
return null;
}
private void SetLoggingContext(object[] inputs, MethodInfo mi)
{
}
private void CreateArgumentForInvokeLog(MethodInfo mi, object[] inputs)
{
}
private void CreateArgumentForResultLog(MethodInfo mi, object[] outputs, object returnValue)
{
}
}
并使用:
[RemedyBehavior(PrimitiveActivity.Search, PrimitiveActivity.ManageExam)]
public DTO_OUT Search(DTO_IN find_DTO_IN)
{
}
提前致谢。