AuthorizeAttribute 之 AllowAnonymous & ActionAuthorize
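/// <summary>
/// Demo MVC controller whose actions are guarded by <see cref="ActionAuthorizeAttribute"/>,
/// applied once at class level.
/// </summary>
/// <remarks>
/// NOTE(review): [AllowAnonymous] is honoured automatically only by the framework's own
/// authorization pipeline. A hand-written IAuthorizationFilter still runs for such actions
/// unless it looks for IAllowAnonymous itself; confirm ActionAuthorizeAttribute does so.
/// </remarks>
[ActionAuthorize]
public class HomeController : Controller
{
    private readonly ILogger<HomeController> _logger;

    /// <summary>Stores the injected logger.</summary>
    /// <param name="logger">Logger for this controller.</param>
    public HomeController(ILogger<HomeController> logger)
    {
        _logger = logger;
    }

    /// <summary>Renders the default view for Index.</summary>
    public IActionResult Index()
    {
        return View();
    }

    /// <summary>Renders the default view for Index2.</summary>
    /// <param name="userid">
    /// Model-bound but not used in the body; presumably the same <c>userid</c> value the
    /// authorization filter inspects (confirm against the filter).
    /// </param>
    public IActionResult Index2(long userid)
    {
        return View();
    }

    /// <summary>Returns the JSON string "test"; subject to the class-level filter.</summary>
    public JsonResult GetCall()
    {
        return new JsonResult("test");
    }

    /// <summary>Returns the JSON string "no auth"; explicitly opted out of authorization.</summary>
    [AllowAnonymous]
    public JsonResult GetCallNoAuth()
    {
        return new JsonResult("no auth");
    }

    /// <summary>Page shown when the caller fails the identity check.</summary>
    // A rejection page is shown to callers who were just refused, so it must not sit behind
    // the same authorization requirement; otherwise they cannot reach it.
    [AllowAnonymous]
    public IActionResult AuthFail()
    {
        return View();
    }

    /// <summary>Page shown when the caller is identified but the request is not permitted.</summary>
    // Same reasoning as AuthFail: the page has to be reachable by a refused caller.
    [AllowAnonymous]
    public IActionResult AccessFail()
    {
        return View();
    }

    /// <summary>Renders the default view for Privacy.</summary>
    public IActionResult Privacy()
    {
        return View();
    }

    /// <summary>
    /// Renders the error view with the current activity id, falling back to the request's
    /// trace identifier. The response is marked as not cacheable.
    /// </summary>
    [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
    public IActionResult Error()
    {
        return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
    }
}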
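/// <summary>
/// Authorization filter attribute for the demo: a request passes only when its query string
/// carries <c>userid</c> equal to the configured target id, and its route values do not
/// contain the "deny" key. Refused requests are redirected to a failure action on Home.
/// </summary>
/// <remarks>
/// NOTE(review): the <c>userid</c> query value is supplied by the caller, so this check
/// demonstrates the filter mechanics and is not an identity check. A production filter
/// should decide from the authenticated principal (<c>HttpContext.User</c> and its claims).
/// </remarks>
public class ActionAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
    // Redirect targets. RedirectToActionResult takes (actionName, controllerName, routeValues).
    private const string FailureController = "Home";
    private const string AuthFailAction = "AuthFail";
    private const string AccessFailAction = "AccessFail";

    // Hard-coded demo value: the only userid that is let through.
    private readonly long _targetUserId = 1;

    // Route-value key whose presence causes a refusal.
    // NOTE(review): this tests for a route value *named* "deny", not an action called "deny";
    // confirm which of the two was intended.
    private readonly string _notAllowedAction = "deny";

    /// <summary>
    /// Runs the checks and sets <c>filterContext.Result</c> to a redirect when the request
    /// is refused; leaves it untouched when the request may proceed.
    /// </summary>
    /// <param name="filterContext">Context of the action being authorized.</param>
    public void OnAuthorization(AuthorizationFilterContext filterContext)
    {
        if (IsExempt(filterContext))
        {
            return;
        }

        var query = filterContext.HttpContext.Request.Query;
        var expected = _targetUserId.ToString(System.Globalization.CultureInfo.InvariantCulture);

        // Missing or non-matching userid: send the caller to the authentication-failure page.
        if (!query.TryGetValue("userid", out var supplied)
            || !string.Equals(supplied.ToString(), expected, System.StringComparison.Ordinal))
        {
            filterContext.Result = new RedirectToActionResult(AuthFailAction, FailureController, null);
            return;
        }

        var routes = filterContext.HttpContext.Request.RouteValues;
        if (routes.ContainsKey(_notAllowedAction))
        {
            filterContext.Result = new RedirectToActionResult(AccessFailAction, FailureController, null);
        }
    }

    // True when the selected action must not be gated: it is marked with IAllowAnonymous,
    // or it is one of the failure pages this filter redirects to (gating those would
    // bounce a refused caller back to the same page indefinitely).
    private static bool IsExempt(AuthorizationFilterContext filterContext)
    {
        var descriptor = filterContext.ActionDescriptor;

        // A custom IAuthorizationFilter is not skipped for [AllowAnonymous] by the framework,
        // so the marker has to be looked up here.
        if (descriptor.EndpointMetadata != null)
        {
            foreach (var metadata in descriptor.EndpointMetadata)
            {
                if (metadata is IAllowAnonymous)
                {
                    return true;
                }
            }
        }

        // Use the selected action's route values rather than raw request input.
        if (!descriptor.RouteValues.TryGetValue("controller", out var controller)
            || !descriptor.RouteValues.TryGetValue("action", out var action))
        {
            return false;
        }

        if (!string.Equals(controller, FailureController, System.StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        return string.Equals(action, AuthFailAction, System.StringComparison.OrdinalIgnoreCase)
            || string.Equals(action, AccessFailAction, System.StringComparison.OrdinalIgnoreCase);
    }
}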