newstring[]{"sample1"
using System;
using System.Linq;
using System.Web;
using System.Web.Http;
using System.Web.Security;
namespace OtherApi.Auth
{
public class AuthFilterOutside : AuthorizeAttribute
{
//重写基类的验证方法,插手我们自界说的Ticket验证
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
//url获取token
var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
var token = content.Request.Headers["Token"];
if (!string.IsNullOrEmpty(token))
{
//解密用户ticket,并校验用户名暗码是否匹配
if (ValidateTicket(token))
{
base.IsAuthorized(actionContext);
}
else
{
HandleUnauthorizedRequest(actionContext);
}
}
//如果取不到身份验证信息,并且不允许匿名访谒,则返回未验证401
else
{
var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().OfType<AllowAnonymousAttribute>();
bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);
if (isAnonymous) base.OnAuthorization(actionContext);
else HandleUnauthorizedRequest(actionContext);
}
}
//校验单据(数据库数据匹配)
温馨提示: 本文由Jm博客推荐,转载请保留链接: https://www.jmwww.net/file/36202.html
