Custom Authorize Attribute in Web API

2019-08-02 01:42发布

站内问答 / 前沿技术
1346 1 5

I want to create my custom authorization in web api controller to check the roles of the user and if its active user. So far this is my code and I don't know yet how/what to override in this codes. Thanks! your help is appreciated :D

using Avanza.Conference.Persistence;
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace Avanza.Conference.Core.Extensions
{
    public class CustomAuthorizeAttribute : AuthorizeAttribute
    {
        ApplicationDbContext _context = new ApplicationDbContext(); // my entity  

        public override void OnAuthorization(HttpActionContext actionContext)
        {

            //Sample on what to do here??
            if (AuthorizeRequest(actionContext))
            {

                return;

            }

            HandleUnauthorizedRequest(actionContext);

        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {

            //Code to handle unauthorized request
            var challengeMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
            throw new HttpResponseException(challengeMessage);

        }

        private bool AuthorizeRequest(HttpActionContext actionContext)
        {

            //Sample on what to do here??

            return true;

        }

    }
}

1条回答
趁早两清
2楼-- · 2019-08-02 02:33

Here is the sample you required, this check the request contains the authenticationtoken then only allow to execute the request. you can here check your session is available to check user logged in or not.

public class CustomAuthorize : System.Web.Http.AuthorizeAttribute
{
    public override void OnAuthorization({
           System.Web.Http.Controllers.HttpActionContext actionContext)
    private readonly string Resource {get; set; }base.OnAuthorization(actionContext);
        if (actionContext.Request.Headers.GetValues("authenticationToken") != null)
            string authenticationToken =public Convert.ToStringCustomAuthorize(
           string resource, string actionContext.Request.Headers.GetValues("authenticationToken").FirstOrDefault()action);
            //authenticationTokenPersistant{
            // it is saved in someResource data= storeresource;
            // i will compare the authenticationToken sent byAction client= withaction;
            // authenticationToken persist in database against specific user, and act accordingly}
          public override ifvoid OnAuthorization(authenticationTokenPersistant != authenticationToken)
            {
                HttpContextSystem.CurrentWeb.ResponseHttp.AddHeader("authenticationToken",Controllers.HttpActionContext authenticationTokenactionContext);
                HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");{
                actionContext.Response = actionContext.Requestbase.CreateResponseOnAuthorization(HttpStatusCode.ForbiddenactionContext);
                return;
            }

 //Check your post authorization logic using Resource HttpContext.Current.Response.AddHeader("authenticationToken",and authenticationToken);Action
        HttpContext.Current.Response.AddHeader("AuthenticationStatus", "Authorized");
   //Your logic here to return return;
authorize or unauthorized response }
    actionContext.Response = 
      actionContext.Request.CreateResponse(HttpStatusCode.ExpectationFailed);}
    actionContext.Response.ReasonPhrase = "Please provide valid inputs";
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)