我有一个自定义的AuthorizationAttribute:
public class CodeWomplerAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return SessionManager.CheckSession(SessionKeys.User)==true;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
if (SessionManager.CheckSession(SessionKeys.User) == false)
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary
{
{ "action", "ActionName" },
{ "controller", "ControllerName" }
});
}
else
base.HandleUnauthorizedRequest(filterContext);
}
}
这是控制器中的示例函数:
[HttpPost]
[DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken]
[CodeWomplerAuthorize]
public string InitializeNew()
{
var techSheet = new TechSheet {WorkOrder = {CreateDate = DateTime.Now}};
var empList = new WorkOrderEmployeeController().Gets().Recordset;
return JsonConvert.SerializeObject(Json(new{techSheet,empList}));
}
我的自定义属性效果很好。但是,如果我包含[DotNetNuke.Web.Mvc.Framework.ActionFilters.ValidateAntiForgeryToken],则会失败。
如果AuthorizeCore具有覆盖,ValidateAntiForgeryToken将失败。
如何在AuthorizeCore的替代中包含ValidateAntiForgeryToken?
答案 0 :(得分:0)
这是一种方法:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var cookie = httpContext.Request.Cookies[AntiForgeryConfig.CookieName];
AntiForgery.Instance.Validate(cookie?.Value, httpContext.Request.Headers["__RequestVerificationToken"]);` protected override bool AuthorizeCore(HttpContextBase httpContext)
return SessionManager.CheckSession(SessionKeys.User)==true;
}