C# 权限验证
在开发过程中,需要对访问者的身份做权限验证(在 Filter 中进行权限过滤)。
在每次进入控制器方法之前进行调用,例如:
[ControllerAuth] [RoutePrefix("ClinicCall")] public class ClinicCallController : ApiController
权限验证的处理:
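using GoodDoctor.CloudClinic.Trading.Domain.CM;
using GoodDoctor.CloudClinic.Trading.Webapi.Models.DTO;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace GoodDoctor.CloudClinic.Trading.Webapi.Filter
{
    /// <summary>
    /// Authorization filter for Web API controllers. Every action that is not marked
    /// <see cref="AllowAnonymousAttribute"/> must carry an Authorization header with a
    /// parameter, and the request principal's "given_name" claim must match an enabled
    /// row in 医生诊所; otherwise the base class writes an unauthorized response.
    /// </summary>
    public class ControllerAuthAttribute : System.Web.Http.AuthorizeAttribute
    {
        // Claim that carries the doctor's phone number. The principal is built before this
        // filter runs (presumably from the token by earlier middleware — not visible here).
        private const string PhoneClaimType = "given_name";

        /// <summary>
        /// Runs before each action. Anonymous actions are let through; for all others the
        /// request must carry an Authorization header with a parameter and
        /// <see cref="IsAuthorized"/> must succeed, or the request is rejected.
        /// </summary>
        /// <param name="actionContext">The context of the action being invoked.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (SkipAuthorization(actionContext))
            {
                return;
            }

            // Filter attribute instances are cached and shared across concurrent requests,
            // so no per-request data (such as the token) is kept in instance fields.
            // Only the presence of a header parameter is checked here; the principal is
            // what IsAuthorized trusts.
            var authorization = actionContext.Request.Headers.Authorization;
            bool hasCredential = authorization != null && authorization.Parameter != null;

            if (!hasCredential || !IsAuthorized(actionContext))
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }

        /// <summary>
        /// True when the action or its controller is marked <see cref="AllowAnonymousAttribute"/>,
        /// mirroring the stock <see cref="System.Web.Http.AuthorizeAttribute"/> behaviour.
        /// </summary>
        /// <param name="actionContext">The context of the action being invoked.</param>
        /// <returns>True when authorization should be skipped for this action.</returns>
        private static bool SkipAuthorization(HttpActionContext actionContext)
        {
            return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
                || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
        }

        /// <summary>
        /// Resolves the caller to a doctor: the request principal must be a
        /// <see cref="ClaimsPrincipal"/> carrying a non-empty "given_name" claim (the phone
        /// number), and 医生诊所 must contain an enabled row for that number.
        /// </summary>
        /// <param name="actionContext">The context of the action being invoked.</param>
        /// <returns>True when an enabled doctor row matches the claim; otherwise false.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (actionContext == null || actionContext.RequestContext == null)
            {
                return false;
            }

            var user = actionContext.RequestContext.Principal as ClaimsPrincipal;
            if (user == null)
            {
                return false;
            }

            var phoneClaim = user.FindFirst(PhoneClaimType);
            // An empty phone must not be allowed to match a row with an empty 医生手机号.
            if (phoneClaim == null || string.IsNullOrEmpty(phoneClaim.Value))
            {
                return false;
            }

            string phone = phoneClaim.Value;
            using (var context = new YZS_TRAEntities())
            {
                // Parameterised by LINQ-to-Entities; a NULL 是否启用 is "not enabled".
                return context.医生诊所.Any(o => o.医生手机号 == phone && o.是否启用.Value);
            }
        }
    }
}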