WebAPI中controller添加[AllowAnonymous]无效的解决方法
对于Methods添加[AllowAnonymous]可以进行匿名访问,但是对于Controller添加时无效
public class AuthAttribute : AuthorizationFilterAttribute { public override void OnAuthorization(HttpActionContext actionContext) { //如果用户方位的Action带有AllowAnonymousAttribute,则不进行授权验证,但是controller中无效 //if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()) //{ // return; //}
//分别验证在method和controller中的AllowAnonymousAttribute属性
if (((ReflectedHttpActionDescriptor)actionContext.ActionDescriptor).MethodInfo.IsDefined(typeof(AllowAnonymousAttribute), true)
||actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
//token验证
...
}
}