asp.net webapi 全局設置 所有api controller安全認證的方法、判斷是否登錄的方法
1. 新建AuthAttribute 特性
public class AuthAttribute : ActionFilterAttribute { public AuthAttribute() { } public override void OnActionExecuting(HttpActionContext actionContext) { var Context = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"]; if (SkipAuth(actionContext))//是否該類標記爲NoAuch { base.OnActionExecuting(actionContext); return; } //前端只要把登錄成功後獲取到的logintoken放入headers裏傳入即可。不影響正常post get的參數 var logintoken = actionContext.Request.Headers.Contains("logintoken") ? actionContext.Request.Headers.GetValues("logintoken").First() : ""; var result = Auth(logintoken); if (string.IsNullOrEmpty(logintoken) || result.Status != JsonModelHelper.EJsonModel.Auth) { Context.Response.ContentType = "application/json"; Context.Response.Write(JsonConvert.SerializeObject(new JsonModelHelper.JsonModel { Status = JsonModelHelper.EJsonModel.Fail, Information = "失敗, 登錄信息已過期,請重新登錄" })); Context.Response.End(); } // base.OnActionExecuting(actionContext); }
/// <summary> /// 判斷類和方法頭上的特性是否要進行Action攔截 /// </summary> /// <param name="actionContext"></param> /// <returns></returns> private static bool SkipAuth(HttpActionContext actionContext) { return actionContext.ActionDescriptor.GetCustomAttributes<NoAuthAttribute>().Any() || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<NoAuthAttribute>().Any(); }
}
2. 新增NoAuthAttribute 特性
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true)] public class NoAuthAttribute : AuthAttribute { }
3. 在app_start/WebApiConfig.cs中配置auth過濾全局action
public static class WebApiConfig { public static void Register(HttpConfiguration config) { // Web API 配置和服務 //設置全局過濾器 config.Filters.Add(new AuthAttribute()); } }
4. 設置logincontroller不判斷登錄狀態
[NoAuth] public partial class LoginController : ApiController { /// <summary> /// 登錄 /// </summary> /// <param name="adminuser">adminuser</param> /// <returns></returns> public int Post(adminuser adminuser){return 1;} }