【发布时间】:2017-09-04 22:23:08
【问题描述】:
我想对我的自定义授权属性进行过滤,但我不知道如何在我的代码中添加它。我想要这样。
[CustomAuthorize(Roles="Admin, Supervisor, SystemUser")]
[CustomAuthorize(Users="Kenneth,John")]
[CustomAuthorize(Customfilter="Update, View")]
这是我的自定义授权,要在我的代码中添加什么以获得过滤器?
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
ApplicationDbContext _context = new ApplicationDbContext(); // my entity
public override void OnAuthorization(HttpActionContext actionContext)
{
if (AuthorizeRequest(actionContext))
{
return;
}
HandleUnauthorizedRequest(actionContext);
}
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
if (((System.Web.HttpContext.Current.User).Identity).IsAuthenticated)
{
actionContext.Response = new HttpResponseMessage()
{
StatusCode = HttpStatusCode.Unauthorized,
Content = new StringContent("You are unauthorized to access this resource")
};
}
else
{
base.HandleUnauthorizedRequest(actionContext);
}
}
private bool AuthorizeRequest(HttpActionContext actionContext)
{
var user = _context.Users.ToList();
if (user != null)
return true;
else
return false;
}
}
【问题讨论】:
标签: asp.net-mvc-5 asp.net-web-api2 authorize-attribute