WebAPI中controller添加[AllowAnonymous]无效的解决方法

 对于Methods添加[AllowAnonymous]可以进行匿名访问,但是对于Controller添加时无效

public class AuthAttribute : AuthorizationFilterAttribute
{
  public override void OnAuthorization(HttpActionContext actionContext)
  {
    //如果用户方位的Action带有AllowAnonymousAttribute,则不进行授权验证,但是controller中无效
    //if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
    //{
    // return;
    //}
  
    //分别验证在method和controller中的AllowAnonymousAttribute属性
    if (((ReflectedHttpActionDescriptor)actionContext.ActionDescriptor).MethodInfo.IsDefined(typeof(AllowAnonymousAttribute), true)
      ||actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.IsDefined(typeof(AllowAnonymousAttribute), true))     
    {
      return;
    }
        
    //token验证
    ...

  }
}

 

 

posted @ 2019-03-30 16:48  vichang  阅读(3335)  评论(0编辑  收藏  举报