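Unable to invoke custom AuthorizeAttribute

Problem description

Authentication works. Everything is fine, no worries; if I don't send the correct token, I get a 401.

What I want to do is control the REST API methods per user. As I understand it, the way to do this is to put an attribute derived from AuthorizeAttribute on the method.

I'm trying to implement a very simple way to deny access to the MakeComplexNote method.

The problem is that the code in the attribute is never called. Ever. Except for the constructor.

I don't care about the merits of what I'm trying to do. I just want to understand the mechanism. I'm tired of fighting with this. How can I do this with as little code as possible?

Here is my controller: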

using FleetApi.AuthProvider;
using System.Web.Http;

namespace FleetApi.Controllers
{
    public class MakeSimpleNoteRequest
    {
        public string Content { get; set; }
    }

    public class MakeSimpleNoteResponse
    {
        public string FinalNote { get; set; }
    }



    [Authorize]
    [RoutePrefix("api/notes")]
    public class NotesController : ApiController
    {
        [HttpPost]
        [Route(nameof(MakeSimpleNote))]
        public MakeSimpleNoteResponse MakeSimpleNote([FromBody] MakeSimpleNoteRequest request)
        {
            return new MakeSimpleNoteResponse()
            {
                FinalNote = request?.Content?.ToUpper(),
            };
        }


        [HttpPost]
        [Route(nameof(MakeComplexNote))]
        [FleetAuthorize]
        public MakeSimpleNoteResponse MakeComplexNote([FromBody] MakeSimpleNoteRequest request)
        {
            return new MakeSimpleNoteResponse()
            {
                FinalNote = "COMPLEX:" + (request?.Content?.ToUpper()),
            };
        }
    }
}

Here is the custom attribute:

using System;
using System.Web;
using System.Web.Mvc;

namespace FleetApi.AuthProvider
{
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,Inherited = true,AllowMultiple = false)]
    public class FleetAuthorizeAttribute : AuthorizeAttribute
    {
        public FleetAuthorizeAttribute()
        {
        }

        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            return false;
        }
    }
}

Solution

I think I finally found the answer. I need to use

using System.Web.Http;

instead of

using System.Web.Mvc;

to get the base class for my attribute:

using System;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace FleetApi.AuthProvider
{
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class,Inherited = true,AllowMultiple = false)]
    public class FleetAuthorizeAttribute : AuthorizeAttribute
    {
        public FleetAuthorizeAttribute()
        {
        }

        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            return false;
        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
            actionContext.Response.Content = new StringContent("{}");
        }
    }
}
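
The following is an added example, not part of the original post: it builds on the Web API base class from the answer above, makes a real per-user decision from a claim, and keeps 401 (not authenticated) distinct from 403 (authenticated but not permitted). The attribute name `FleetPermissionAttribute`, the claim type `fleet:permission` and the value `notes.complex` are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;              // Web API base class, not System.Web.Mvc
using System.Web.Http.Controllers;

namespace FleetApi.AuthProvider
{
    // Usage (hypothetical permission value): [FleetPermission("notes.complex")]
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
    public class FleetPermissionAttribute : AuthorizeAttribute
    {
        // Assumed claim type; use whatever your token issuer actually emits.
        private const string PermissionClaimType = "fleet:permission";
        private readonly string _permission; // fixed at construction, no per-request state

        public FleetPermissionAttribute(string permission)
        {
            _permission = permission ?? throw new ArgumentNullException(nameof(permission));
        }

        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // The base check requires an authenticated user and honours Users/Roles.
            if (!base.IsAuthorized(actionContext)) return false;

            var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
            return principal != null && principal.Claims.Any(c =>
                c.Type == PermissionClaimType &&
                string.Equals(c.Value, _permission, StringComparison.Ordinal));
        }

        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            var identity = actionContext.RequestContext.Principal?.Identity;
            if (identity == null || !identity.IsAuthenticated)
            {
                // No valid token: keep the default 401 so the client re-authenticates.
                base.HandleUnauthorizedRequest(actionContext);
                return;
            }
            // Valid token, missing permission: 403, since retrying the login will not help.
            actionContext.Response = actionContext.Request.CreateErrorResponse(
                HttpStatusCode.Forbidden, "Missing required permission.");
        }
    }
}
```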