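/// <summary>
/// Custom Web API authorization filter. The decision is made from the application's
/// own login record (<c>Models.User.UserInfo.UserData</c>) and, when <c>Roles</c> is
/// set, from that record's <c>UserType</c>.
/// </summary>
/// <remarks>
/// <para><c>Roles</c> is split on the ideographic comma '、', not on ','. Entries are
/// compared as written (no trimming), so a role list with stray whitespace fails closed.</para>
/// <para>With <c>Roles</c> empty, every logged-in user is allowed.</para>
/// <para>This override does not call the base <c>OnAuthorization</c>, so nothing in this
/// class consults <c>Users</c> or <c>[AllowAnonymous]</c>. A restriction or exemption
/// expressed that way is not applied by this attribute.</para>
/// </remarks>
public class WebApiAuthAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Rejects the request with 401 when there is no login record, and with 403 when
    /// <c>Roles</c> is set and does not contain the user's <c>UserType</c>.
    /// Otherwise no response is set and the request is left to continue.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    /// <exception cref="System.ArgumentNullException">
    /// <paramref name="actionContext"/> is null.
    /// </exception>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Fail with a clear argument error instead of a NullReferenceException below.
        if (actionContext == null)
        {
            throw new System.ArgumentNullException("actionContext");
        }

        V_UserLogin currentUser = Models.User.UserInfo.UserData;

        // No login record: answer 401 and stop.
        if (currentUser == null)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "请先登录!", "application/json");
            return;
        }

        // Role restriction applies only when Roles is non-empty; the user's UserType
        // must equal one of the '、'-separated entries exactly.
        if (!string.IsNullOrEmpty(Roles) && !Roles.Split('、').Any(role => role == currentUser.UserType))
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, "你没有访问权限!", "application/json");
            return;
        }

        // Authorized: no response is set. base.IsAuthorized is deliberately not called
        // here. The checks above are the whole decision, and calling it while ignoring
        // its boolean result would only suggest a check that is never enforced.
    }
}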