Cannot get custom AuthorizeAttribute to be called

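Problem description

Authentication works. Everything is fine there, no worries: if I don't send the correct token, I get a 401.

What I want to do is control the REST API methods per user. So I was told that the way to do this is to put an attribute derived from AuthorizeAttribute on the method.

I tried to implement a simple way to deny access to the MakeComplexNote method.

The problem is that the code in the attribute never gets called. Ever. Except the constructor.

I'm not concerned with the merits of what I'm trying to do. I just want to know the mechanics. I'm tired of fighting with this. How do I do this with as little code as possible?

Here is my controller: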

using FleetApi.AuthProvider;
using System.Web.Http;

namespace FleetApi.Controllers
{
    public class MakeSimpleNoteRequest
    {
        public string Content { get; set; }
    }

    public class MakeSimpleNoteResponse
    {
        public string FinalNote { get; set; }
    }



    [Authorize]
    [RoutePrefix("api/notes")]
    public class NotesController : ApiController
    {
        [HttpPost]
        [Route(nameof(MakeSimpleNote))]
        public MakeSimpleNoteResponse MakeSimpleNote([FromBody] MakeSimpleNoteRequest request)
        {
            return new MakeSimpleNoteResponse()
            {
                FinalNote = request?.Content?.ToUpper(),
            };
        }


        [HttpPost]
        [Route(nameof(MakeComplexNote))]
        [FleetAuthorize]
        public MakeSimpleNoteResponse MakeComplexNote([FromBody] MakeSimpleNoteRequest request)
        {
            return new MakeSimpleNoteResponse()
            {
                FinalNote = "COMPLEX:" + (request?.Content?.ToUpper()),
            };
        }
    }
}

Here is the custom attribute:

using System;
using System.Web;
using System.Web.Mvc;

namespace FleetApi.AuthProvider
{
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
    public class FleetAuthorizeAttribute : AuthorizeAttribute
    {
        public FleetAuthorizeAttribute()
        {
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return false;
        }
    }
}

Tags: authorize-attribute

Solution


I think I finally found the answer. I needed to use

using System.Web.Http;

instead of

using System.Web.Mvc;

to get the base class for my attribute:

using System;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace FleetApi.AuthProvider
{
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
    public class FleetAuthorizeAttribute : AuthorizeAttribute
    {
        public FleetAuthorizeAttribute()
        {
        }

        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            return false;
        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
            actionContext.Response.Content = new StringContent("{}");
        }
    }
}
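
An added example, not part of the original answer: a per-user variant of the Web API attribute above that checks a claim on the caller, answering 401 when the request is unauthenticated and 403 when the caller is authenticated but lacks the claim. The RequireClaimAttribute name and the "permission" / "notes:complex" claim are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;              // Web API AuthorizeAttribute, not System.Web.Mvc
using System.Web.Http.Controllers;

namespace FleetApi.AuthProvider
{
    // Hypothetical attribute: allows the action only when the caller holds the
    // given claim. Usage (claim names are assumptions):
    //   [RequireClaim("permission", "notes:complex")]
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
    public class RequireClaimAttribute : AuthorizeAttribute
    {
        private readonly string _claimType;
        private readonly string _claimValue;

        public RequireClaimAttribute(string claimType, string claimValue)
        {
            _claimType = claimType;
            _claimValue = claimValue;
        }

        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // Keep the base checks (authenticated, Users/Roles) before the claim check.
            if (!base.IsAuthorized(actionContext)) return false;

            var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
            return principal != null && principal.HasClaim(_claimType, _claimValue);
        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            var identity = actionContext.RequestContext.Principal?.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                // No valid token: let the base class produce the 401.
                base.HandleUnauthorizedRequest(actionContext);
                return;
            }

            // Valid token, missing claim: 403 tells the client that re-authenticating will not help.
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
    }
}
```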
