asp.net webapi 全局設置 所有api controller安全認證的方法、判斷是否登錄的方法
1. 新建AuthAttribute 特性
public class AuthAttribute : ActionFilterAttribute
{
public AuthAttribute()
{
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
var Context = (HttpContextBase)actionContext.Request.Properties["MS_HttpContext"];
if (SkipAuth(actionContext))//是否該類標記爲NoAuch
{
base.OnActionExecuting(actionContext);
return;
}
//前端只要把登錄成功後獲取到的logintoken放入headers裏傳入即可。不影響正常post get的參數
var logintoken = actionContext.Request.Headers.Contains("logintoken") ?
actionContext.Request.Headers.GetValues("logintoken").First() : "";
var result = Auth(logintoken);
if (string.IsNullOrEmpty(logintoken) || result.Status != JsonModelHelper.EJsonModel.Auth)
{
Context.Response.ContentType = "application/json";
Context.Response.Write(JsonConvert.SerializeObject(new JsonModelHelper.JsonModel { Status = JsonModelHelper.EJsonModel.Fail, Information = "失敗, 登錄信息已過期,請重新登錄" }));
Context.Response.End();
}
// base.OnActionExecuting(actionContext);
}
/// <summary>
/// 判斷類和方法頭上的特性是否要進行Action攔截
/// </summary>
/// <param name="actionContext"></param>
/// <returns></returns>
private static bool SkipAuth(HttpActionContext actionContext)
{
return actionContext.ActionDescriptor.GetCustomAttributes<NoAuthAttribute>().Any() || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<NoAuthAttribute>().Any();
}
}
2. 新增NoAuthAttribute 特性
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true)]
public class NoAuthAttribute : AuthAttribute
{
}
3. 在app_start/WebApiConfig.cs中配置auth過濾全局action
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API 配置和服務
//設置全局過濾器
config.Filters.Add(new AuthAttribute());
}
}
4. 設置logincontroller不判斷登錄狀態
[NoAuth]
public partial class LoginController : ApiController
{
/// <summary>
/// 登錄
/// </summary>
/// <param name="adminuser">adminuser</param>
/// <returns></returns>
public int Post(adminuser adminuser){return 1;}
}