问答博客资讯标签用户活动
logo极客观点logo项目管理logoHarmonyOS
javascript
前端
python
node.js
react
vue.js
php
laravel
go
人工智能
mysql
linux
ios
java
android
css
typescript
spring
程序员
logoONES 研发管理logo思否企业问答logo安谋科技 XPU

asp.net core restful风格的认证过滤怎么定制?

头像
fireemissary
    19434960

    我希望某些restful操作需要认证,可asp.net 的认证注解不好用:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationScheme = "foo",          
                LoginPath = new PathString("/user/forbidden"),
                AccessDeniedPath = new PathString("/user/forbidden"),
                AutomaticAuthenticate = true,
                AutomaticChallenge = true
            });

    我的控制器需要返回json数据,加了[Authorize]的部分如果没登陆的话AccessDeniedPath 好像从来不会跳到,然后我把LoginPath也改成一样,倒是返回json数据了,可url也跳转了,还携带了return url信息.我的需求是加[Authorize]的控制器代码只返回{"error":"need anthorize"}就好,这应该怎么改动?

    Microsoftc#asp.net-mvcasp.netasp.net-core-1.0.net-core
    阅读 4.2k
    1 个回答
    得票最新
    头像
    yangzijian
      11139
      ✓ 已被采纳

      自己重写,下面是api的
      /// <summary>

      /// 是否具有权限   (已登陆)
/// </summary>
public class LoginValidationAttribute : AuthorizationFilterAttribute
{
    /// <summary>
    /// 是否验证
    /// </summary>
    public bool IsValidataion { get; set; }

    /// <summary>
    /// 构造函数
    /// </summary>
    /// <param name="isValidataion"></param>
    public LoginValidationAttribute(bool isValidataion = true)
    {
        IsValidataion = isValidataion;
    }

    /// <summary>
    /// 验证规则
    /// </summary>
    /// <param name="actionContext"></param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (IsValidataion)
        {
            var token = HttpContext.Current.Request[RequestConfig.ApiToken];
            var user = new TokenStoreBusiness().GetUserByToken(token);
            var isThrough = user != null;
            if (isThrough)
            {
                RequestStore.User = user;
            }
            else
            {
                HttpResponseMessage messageResp;
                messageResp = actionContext.Request.CreateResponse(System.Net.HttpStatusCode.OK, new ResponseStrApi()
                {
                    ResultCode = ResponseResult.NoAuthorize,
                    Message = "未授权的访问",
                    Data = "未授权的访问"
                });
                actionContext.Response = messageResp;
                RequestStore.Record.StoreAsync(actionContext);
            }
        }
    }

}
      撰写回答
      你尚未登录,登录后可以
      • 和开发者交流问题的细节
      • 关注并接收问题和回答的更新提醒
      • 参与内容的编辑和改进,让解决方法与时俱进
      推荐问题