在開發過程中,需要對訪問者的身份做權限驗證(在 filter 中進行權限過濾)。
在每次進入控制器方法之前進行調用:如
[ControllerAuth] [RoutePrefix("ClinicCall")] public class ClinicCallController : ApiController
權限驗證的處理:
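using GoodDoctor.CloudClinic.Trading.Domain.CM;
using GoodDoctor.CloudClinic.Trading.Webapi.Models.DTO;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace GoodDoctor.CloudClinic.Trading.Webapi.Filter
{
    /// <summary>
    /// Authorization filter for controllers: a request is allowed through only
    /// when it carries an Authorization header and the authenticated principal's
    /// "given_name" claim matches an enabled row in 醫生診所. Actions marked with
    /// <see cref="AllowAnonymousAttribute"/> bypass the check.
    /// </summary>
    /// <remarks>
    /// The Authorization header is only checked for presence; its value is never
    /// validated here. The filter relies on whatever authentication stage fills
    /// <c>actionContext.RequestContext.Principal</c> before filters run, so a
    /// header without a matching principal is refused.
    /// Filter attribute instances are reused across requests, so this type keeps
    /// no per-request state in instance fields (the previous <c>_token</c> field
    /// was written on every request but never read).
    /// </remarks>
    public class ControllerAuthAttribute : System.Web.Http.AuthorizeAttribute
    {
        // Claim type that is expected to carry the doctor's phone number.
        private const string PhoneClaimType = "given_name";

        /// <summary>
        /// Runs before the action executes. Skips authorization for actions marked
        /// [AllowAnonymous]; otherwise requires an Authorization header with a
        /// parameter and a positive <see cref="IsAuthorized"/> result, and answers
        /// via <see cref="AuthorizeAttribute.HandleUnauthorizedRequest"/> (401)
        /// when either is missing.
        /// </summary>
        /// <param name="actionContext">Context of the action about to run.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="actionContext"/> is null.
        /// </exception>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            if (actionContext == null)
            {
                throw new ArgumentNullException("actionContext");
            }

            // Only an action-level [AllowAnonymous] is honoured; a controller-level
            // one does not skip this filter. That keeps the original (stricter)
            // behaviour rather than widening anonymous access.
            bool isAnonymous = actionContext.ActionDescriptor
                .GetCustomAttributes<AllowAnonymousAttribute>()
                .Any();
            if (isAnonymous)
            {
                return;
            }

            // Presence check only: the header parameter is not inspected further.
            var authorization = actionContext.Request.Headers.Authorization;
            bool hasCredential = authorization != null && authorization.Parameter != null;

            if (!hasCredential || !IsAuthorized(actionContext))
            {
                HandleUnauthorizedRequest(actionContext);
            }
        }

        /// <summary>
        /// Checks that the current principal is a <see cref="ClaimsPrincipal"/>
        /// whose phone claim matches an enabled doctor record.
        /// </summary>
        /// <param name="actionContext">The action being invoked; may be null.</param>
        /// <returns>
        /// true when an enabled 醫生診所 row exists for the claimed phone number;
        /// false otherwise, including when the context, principal or claim is missing.
        /// </returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (actionContext == null
                || actionContext.RequestContext == null
                || actionContext.RequestContext.Principal == null)
            {
                return false;
            }

            var user = actionContext.RequestContext.Principal as ClaimsPrincipal;
            if (user == null)
            {
                return false;
            }

            // Look the claim up once instead of twice.
            var phoneClaim = user.FindFirst(PhoneClaimType);
            if (phoneClaim == null)
            {
                return false;
            }
            var phone = phoneClaim.Value;

            using (var context = new YZS_TRAEntities())
            {
                // 是否啟用 is nullable: "== true" treats a null flag as disabled and
                // does not throw if the sequence is ever evaluated in memory, unlike
                // the previous ".Value" dereference.
                return context.醫生診所.Any(o => o.醫生手機號 == phone && o.是否啟用 == true);
            }
        }
    }
}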