【问题标题】:How to Add a Filter in CustomAuthorizeAttribute Web API如何在 CustomAuthorizeAttribute Web API 中添加过滤器
【发布时间】:2017-09-04 22:23:08
【问题描述】:

我想对我的自定义授权属性进行过滤,但我不知道如何在我的代码中添加它。我想要这样。

[CustomAuthorize(Roles="Admin, Supervisor, SystemUser")]
[CustomAuthorize(Users="Kenneth,John")]
[CustomAuthorize(Customfilter="Update, View")]

这是我的自定义授权,要在我的代码中添加什么以获得过滤器?

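/// <summary>
/// Web API authorization filter that enforces the <c>Users</c> and <c>Roles</c>
/// values inherited from <see cref="AuthorizeAttribute"/> and answers an
/// authenticated but unauthorized caller with 403 instead of 401.
/// </summary>
/// <remarks>
/// The earlier version of this class authorized every request: it listed the
/// Users table and returned true when the list was not null, and ToList() never
/// returns null. It also kept an ApplicationDbContext in an instance field.
/// Filter attribute instances may be reused across requests, so any database
/// lookup added here should create and dispose its own context inside the call
/// rather than hold one for the lifetime of the attribute.
/// </remarks>
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Runs the standard authorization pipeline for the current action.
    /// </summary>
    /// <param name="actionContext">The action being authorized.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // The base implementation validates the argument, honours [AllowAnonymous],
        // calls IsAuthorized and, on failure, HandleUnauthorizedRequest.
        base.OnAuthorization(actionContext);
    }

    /// <summary>
    /// Decides whether the caller may run the action.
    /// </summary>
    /// <param name="actionContext">The action being authorized.</param>
    /// <returns>True only when <see cref="AuthorizeRequest"/> accepts the caller.</returns>
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        return AuthorizeRequest(actionContext);
    }

    /// <summary>
    /// Builds the response for a rejected request.
    /// </summary>
    /// <param name="actionContext">The action whose response is being set.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // Read the principal from the request context: System.Web.HttpContext.Current
        // is null outside IIS hosting and would throw here.
        var principal = actionContext.RequestContext.Principal;
        bool signedIn = principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated;

        if (!signedIn)
        {
            // Anonymous caller: let the base class issue the 401 challenge.
            base.HandleUnauthorizedRequest(actionContext);
            return;
        }

        // The caller is known but not permitted. 403 says so; a 401 here would ask
        // an already signed-in client to authenticate again.
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
        {
            RequestMessage = actionContext.Request,
            Content = new StringContent("You are unauthorized to access this resource")
        };
    }

    /// <summary>
    /// Checks the caller against the configured users and roles.
    /// </summary>
    /// <param name="actionContext">The action being authorized.</param>
    /// <returns>
    /// False for an unauthenticated caller, or when <c>Users</c> / <c>Roles</c> are
    /// set and the caller matches neither requirement; true otherwise.
    /// </returns>
    private bool AuthorizeRequest(HttpActionContext actionContext)
    {
        // Deny by default: access is granted only on a positive match performed by
        // the framework check, never on the mere existence of user records.
        return base.IsAuthorized(actionContext);
    }
}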

【问题讨论】:

    标签: asp.net-mvc-5 asp.net-web-api2 authorize-attribute


    【解决方案1】:

    您可以像下面这样使用自定义授权

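    /// <summary>
    /// Authorization filter that accepts roles, users and a custom filter either
    /// positionally or as named attribute properties, and enforces them.
    /// </summary>
    /// <remarks>
    /// Differences from the earlier listing: the private Roles and Users properties
    /// hid the public ones on the base class, so the framework check never saw the
    /// values; the constructor assigned the Customfilter parameter to itself and
    /// lacked a semicolon; and AuthorizeRequest returned true for every request
    /// because ToList() never returns null. The ApplicationDbContext field is gone:
    /// filter attribute instances may be reused across requests, so a lookup should
    /// create and dispose its own context inside the call.
    /// </remarks>
    public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
    {
        /// <summary>
        /// Custom filter values requested for the action, e.g. "Update, View".
        /// Public so that <c>[CustomAuthorize(Customfilter = "...")]</c> compiles.
        /// </summary>
        public string Customfilter { get; set; }

        /// <summary>
        /// Allows the named-property form, e.g. <c>[CustomAuthorize(Roles = "Admin")]</c>.
        /// </summary>
        public CustomAuthorize()
        {
        }

        /// <summary>
        /// Positional form of the attribute.
        /// </summary>
        /// <param name="roles">Comma-separated role names; stored in the base Roles property.</param>
        /// <param name="users">Comma-separated user names; stored in the base Users property.</param>
        /// <param name="Customfilter">Comma-separated custom filter values.</param>
        public CustomAuthorize(string roles, string users, string Customfilter)
        {
            Roles = roles;
            Users = users;
            // "this." is required: the parameter has the same name as the property.
            this.Customfilter = Customfilter;
        }

        /// <summary>
        /// Runs the standard authorization pipeline for the current action.
        /// </summary>
        /// <param name="actionContext">The action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // The base implementation validates the argument, honours [AllowAnonymous],
            // calls IsAuthorized and, on failure, HandleUnauthorizedRequest.
            base.OnAuthorization(actionContext);
        }

        /// <summary>
        /// Decides whether the caller may run the action.
        /// </summary>
        /// <param name="actionContext">The action being authorized.</param>
        /// <returns>True only when <see cref="AuthorizeRequest"/> accepts the caller.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            return AuthorizeRequest(actionContext);
        }

        /// <summary>
        /// Builds the response for a rejected request.
        /// </summary>
        /// <param name="actionContext">The action whose response is being set.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // Read the principal from the request context: System.Web.HttpContext.Current
            // is null outside IIS hosting and would throw here.
            var principal = actionContext.RequestContext.Principal;
            bool signedIn = principal != null
                && principal.Identity != null
                && principal.Identity.IsAuthenticated;

            if (!signedIn)
            {
                // Anonymous caller: let the base class issue the 401 challenge.
                base.HandleUnauthorizedRequest(actionContext);
                return;
            }

            // The caller is known but not permitted. 403 says so; a 401 here would ask
            // an already signed-in client to authenticate again.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
            {
                RequestMessage = actionContext.Request,
                Content = new StringContent("You are unauthorized to access this resource")
            };
        }

        /// <summary>
        /// Checks the caller against the configured users, roles and custom filter.
        /// </summary>
        /// <param name="actionContext">The action being authorized.</param>
        /// <returns>True only when every configured requirement is met.</returns>
        private bool AuthorizeRequest(HttpActionContext actionContext)
        {
            // Users and Roles: the framework check requires an authenticated principal
            // and a match against whichever of the two lists is set.
            if (!base.IsAuthorized(actionContext))
            {
                return false;
            }

            // NOTE(review): nothing on this page defines what the Customfilter values
            // mean or where a user's permissions are stored. Until that check is
            // written, a request that asks for a custom filter is denied, so that
            // a restriction is never silently skipped.
            return string.IsNullOrWhiteSpace(Customfilter);
        }
    }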
    

    【讨论】:

    • 然后呢?用户、角色和自定义过滤器将如何工作?他们将如何过滤?另外,这是否意味着这个 [CustomAuthorize(Roles="Admin, Supervisor, SystemUser") 的值将在 customauthorize 中自动传递?谢谢!
    • 在方法上通过属性传入的值可以在类中使用。您可以用自己的逻辑检查:如果方法上标注了角色 "Admin",就判断已登录的用户是否具有该角色,没有则拒绝访问
    • public CustomAuthorize(string roles, string users, string Customfilter){ Roles = roles; Users = users; Customfilter = Customfilter } 这是从属性传递值吗?
    • 是的,当您把 [CustomAuthorize("Admin, Supervisor, SystemUser")] 放在方法上方时,这些值会传递给 CustomAuthorize
    • 谢谢你给我解释!!