newstring[]{"sample1"

时间:2022-05-29 08:24:42

using System;  

using System.Linq;  

using System.Web;  

using System.Web.Http;  

using System.Web.Security;  

  

namespace OtherApi.Auth  

{  

  

    public class AuthFilterOutside : AuthorizeAttribute  

    {  

        //重写基类的验证方法,加入我们自定义的Ticket验证  

        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)  

        {  

            //url获取token  

            var content = actionContext.Request.Properties["MS_HttpContext"as HttpContextBase;  

            var token = content.Request.Headers["Token"];  

            if (!string.IsNullOrEmpty(token))  

            {  

                //解密用户ticket,并校验用户名暗码是否匹配  

                if (ValidateTicket(token))  

                {  

                    base.IsAuthorized(actionContext);  

                }  

                else  

                {  

                    HandleUnauthorizedRequest(actionContext);  

                }  

            }  

            //如果取不到身份验证信息,并且不允许匿名访谒,则返回未验证401  

            else  

            {  

                var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().OfType<AllowAnonymousAttribute>();  

                bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);  

                if (isAnonymous) base.OnAuthorization(actionContext);  

                else HandleUnauthorizedRequest(actionContext);  

            }  

        }  

  

        //校验单据(数据库数据匹配)