• c#权限验证


    在开发过程中,需要对访问者的身份做权限验证(在 filter 中进行权限过滤)。

    在每次进入控制器方法之前进行调用:如

        [ControllerAuth]
        [RoutePrefix("ClinicCall")]
        public class ClinicCallController : ApiController

    权限验证的处理:

    using GoodDoctor.CloudClinic.Trading.Domain.CM;
    using GoodDoctor.CloudClinic.Trading.Webapi.Models.DTO;
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Claims;
    using System.Web;
    using System.Web.Http;
    using System.Web.Http.Controllers;
    
    namespace GoodDoctor.CloudClinic.Trading.Webapi.Filter
    {
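        /// <summary>
        /// Authorization filter for Web API controllers. A request passes only when it carries an
        /// Authorization header with a credential parameter and the already-authenticated principal's
        /// "given_name" claim (used by this project as the doctor's phone number) matches an enabled
        /// row in <c>医生诊所</c>. Actions marked with <see cref="AllowAnonymousAttribute"/> are skipped.
        /// </summary>
        /// <remarks>
        /// Web API reuses a single filter instance across concurrent requests, so this class keeps no
        /// per-request state: the former <c>_token</c> instance field was written by every request
        /// and never read, which is both a data race and dead code.
        /// The header parameter itself is not validated here; the identity comes from
        /// <c>RequestContext.Principal</c>, which must be populated by an upstream authentication
        /// step — NOTE(review): presumably OWIN bearer-token middleware, confirm in the pipeline setup.
        /// </remarks>
        public class ControllerAuthAttribute : System.Web.Http.AuthorizeAttribute
        {
            /// <summary>
            /// Runs before the action executes. Anonymous actions are let through; every other request
            /// needs an Authorization header with a non-blank parameter and a positive
            /// <see cref="IsAuthorized"/> result, otherwise the base <c>HandleUnauthorizedRequest</c>
            /// short-circuits the pipeline with an unauthorized response.
            /// </summary>
            /// <param name="actionContext">The action context supplied by the Web API pipeline.</param>
            /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
            public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
            {
                if (actionContext == null)
                {
                    throw new ArgumentNullException(nameof(actionContext));
                }

                // GetCustomAttributes<T>() is already typed; no OfType/is re-check is needed.
                // NOTE(review): unlike the base AuthorizeAttribute, a controller-level [AllowAnonymous]
                // is not honored here (only the action is inspected) — confirm that is intended.
                bool isAnonymous = actionContext.ActionDescriptor
                    .GetCustomAttributes<AllowAnonymousAttribute>()
                    .Any();
                if (isAnonymous)
                {
                    return;
                }

                // Reject requests without a credential before touching the database.
                var authorization = actionContext.Request.Headers.Authorization;
                bool hasCredential = authorization != null
                    && !string.IsNullOrWhiteSpace(authorization.Parameter);

                if (!hasCredential || !IsAuthorized(actionContext))
                {
                    HandleUnauthorizedRequest(actionContext);
                }
            }

            /// <summary>
            /// Checks that the request principal is an authenticated <see cref="ClaimsPrincipal"/> whose
            /// "given_name" claim matches an enabled (<c>是否启用</c>) record in <c>医生诊所</c> by phone number.
            /// </summary>
            /// <param name="actionContext">The action context; null, a missing request context or a
            /// missing principal all yield <c>false</c>.</param>
            /// <returns><c>true</c> when an enabled doctor/clinic record matches; otherwise <c>false</c>.</returns>
            protected override bool IsAuthorized(HttpActionContext actionContext)
            {
                if (actionContext == null || actionContext.RequestContext == null)
                {
                    return false;
                }

                var user = actionContext.RequestContext.Principal as ClaimsPrincipal;
                // Mirrors the base AuthorizeAttribute: an identity that is present but not
                // authenticated must not be authorized on the strength of its claims alone.
                if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
                {
                    return false;
                }

                // Looked up once instead of twice; a blank phone cannot match a real record.
                var phoneClaim = user.FindFirst("given_name");
                if (phoneClaim == null || string.IsNullOrWhiteSpace(phoneClaim.Value))
                {
                    return false;
                }
                var phone = phoneClaim.Value;

                using (var context = new YZS_TRAEntities())
                {
                    // The claim value is bound as a query parameter by LINQ-to-Entities, never
                    // concatenated into SQL. Any() is enough: only existence matters here.
                    return context.医生诊所.Any(o => o.医生手机号 == phone && o.是否启用.Value);
                }
            }
        }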
    }
  • 原文地址:https://www.cnblogs.com/likui-bookHouse/p/9590871.html