  • Web API permission control

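    Permission control in Web API is largely the same as in MVC; the only difference is that ActionFilterAttribute lives in a different namespace (System.Web.Http.Filters in Web API).

    In MVC, if the current user lacks permission, you can simply return from your own ActionFilterAttribute. In Web API, however, you must also execute actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized); for the request to be rejected.

    The code from my project is as follows: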

    AuthenticationApiAttribute
        using System;
        using System.Net;
        using System.Net.Http;
        using System.Web;
        using System.Web.Http.Controllers;
        using System.Web.Http.Filters;
        using FrameWork.Core.Extends;
        using iAssistantAPI.Authentication;
        using iAssistantAPI.Models;

        namespace iAssistantAPI.APIAttributes
        {
            /// <summary>
            /// Basic authentication attribute, used for permission handling on actions
            /// </summary>
            [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
            public class AuthenticationApiAttribute : ActionFilterAttribute
            {
                /// <summary>
                /// Checks whether the user has permission to execute this action
                /// </summary>
                /// <param name="actionContext"></param>
                public override void OnActionExecuting(HttpActionContext actionContext)
                {
                    // Permission checks can be switched off in the local settings.
                    if (LocalSetting.GetLocalSetting().EnablePermission)
                    {
                        // No ticket in the query string: treat the caller as anonymous.
                        if ((HttpContext.Current.Request.QueryString["HCPTicket"]).IsNullOrEmptyOrBlank())
                        {
                            HttpContext.Current.Response.Redirect("~/api/DenyAnonymousAccess/DenyAnonymous");
                            // Setting Response stops Web API from running the action.
                            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                            return;
                        }
                        else
                        {
                            // A ticket was supplied: check that it has not timed out.
                            string ticket = HttpContext.Current.Request.QueryString["HCPTicket"].ToString();
                            ReturnModel rm = IdentityTicket.CheckTicketIsNotTimeOut(ticket);
                            if (rm.Result == false)
                            {
                                ////HttpContext.Current.Response.Write("{\"Result\":false,\"Info\":\"" + rm.Info + "\",\"RowCount\":0,\"ReturnData\":null}");
                                HttpContext.Current.Response.Redirect("~/api/DenyAnonymousAccess/LoginTimeout");
                                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
                                return;
                            }
                        }
                    }
                    else
                    {
                        base.OnActionExecuting(actionContext);
                    }
                }

                /// <summary>
                /// Runs after the action has executed
                /// </summary>
                /// <param name="actionExecutedContext"></param>
                public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
                {
                    base.OnActionExecuted(actionExecutedContext);
                }
            }
        }


    Just mark the actions or controllers that need permission control with this attribute.
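
    The short-circuit described above, written as an AuthorizationFilterAttribute (swapped in for ActionFilterAttribute so the check runs before model binding) that only sets actionContext.Response and never touches HttpContext.Current. This is an added example, not code from the original post or the author's project. TicketAuthorizeAttribute, the IsTicketValid hook and the X-HCP-Ticket header name are assumptions; HCPTicket is the query parameter from the post's code.

    ```csharp
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;
    using System.Web.Http.Filters;

    public class TicketAuthorizeAttribute : AuthorizationFilterAttribute
    {
        // Hypothetical hook: wire this to the real ticket check at startup.
        // The default rejects every ticket, so a missing registration fails closed.
        public static Func<string, bool> IsTicketValid = ticket => false;

        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Respect [AllowAnonymous] on the action or its controller.
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
                actionContext.ControllerContext.ControllerDescriptor
                    .GetCustomAttributes<AllowAnonymousAttribute>().Any())
                return;

            string ticket = ReadTicket(actionContext.Request);
            if (string.IsNullOrWhiteSpace(ticket))
                Deny(actionContext, "Ticket missing");
            else if (!IsTicketValid(ticket))
                Deny(actionContext, "Ticket invalid or expired");
        }

        private static string ReadTicket(HttpRequestMessage request)
        {
            // Assumed header name; headers stay out of URL logs and Referer values.
            IEnumerable<string> values;
            if (request.Headers.TryGetValues("X-HCP-Ticket", out values))
                return values.FirstOrDefault();
            // Fall back to the HCPTicket query parameter used by the post's filter.
            return request.GetQueryNameValuePairs()
                .Where(p => string.Equals(p.Key, "HCPTicket", StringComparison.OrdinalIgnoreCase))
                .Select(p => p.Value)
                .FirstOrDefault();
        }

        // Setting Response short-circuits the pipeline: the action never runs.
        private static void Deny(HttpActionContext actionContext, string reason)
        {
            actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, reason);
        }
    }
    ```

    Because the filter reads everything from actionContext.Request, it also works when the API is self-hosted, where HttpContext.Current is null.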

  • Original article: https://www.cnblogs.com/renzhendewo/p/3008410.html