Beispiel #1
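        /// <summary>
        /// Authorization filter: lets endpoints marked <c>AllowAnonymousAttribute</c> through,
        /// answers 401 for unauthenticated callers, and answers 403 when the permission
        /// service rejects the request path (unless the endpoint carries
        /// <c>NoAuthorityVerificationAttribute</c>).
        /// </summary>
        /// <param name="context">Filter context for the request being authorized.</param>
        /// <returns>A task that completes once the decision has been made.</returns>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            // EndpointMetadata is declared on the base ActionDescriptor, so the metadata can be
            // read without the unchecked 'as ControllerActionDescriptor' cast, which would have
            // thrown a NullReferenceException for any non-controller action.
            var metadata = context.ActionDescriptor.EndpointMetadata;

            // Explicitly anonymous endpoints skip every check below.
            if (metadata.Any(x => x is AllowAnonymousAttribute))
            {
                return;
            }

            var result = new AjaxResult(MessageDefinitionType.Unauthorized, Enums.AjaxResultType.Unauthorized);

            // Fail closed: a missing principal or identity is treated as "not authenticated".
            // NOTE(review): _principal is a field rather than context.HttpContext.User; confirm it
            // is resolved per request so the identity cannot be stale.
            if (_principal?.Identity?.IsAuthenticated != true)
            {
                context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                // Setting context.Result short-circuits the pipeline; the action never runs.
                context.Result = new JsonResult(result);
                return;
            }

            // Authenticated callers need no per-URL permission on endpoints that opt out.
            if (metadata.Any(x => x is NoAuthorityVerificationAttribute))
            {
                return;
            }

            // The permission key is the request path with "/api/" stripped.
            // NOTE(review): Replace removes every "/api/" occurrence, not only the leading prefix,
            // so different paths can collapse to the same key. The key also comes from the raw
            // path string rather than the matched route. Confirm both against how IsPermission
            // stores and compares keys.
            var linkurl = (context.HttpContext.Request.Path.Value ?? string.Empty).Replace("/api/", "");

            // ToLowerInvariant keeps the key independent of the server's current culture
            // (culture-sensitive ToLower can map 'I' differently, e.g. under tr-TR).
            if (await _authority.IsPermission(linkurl.ToLowerInvariant()))
            {
                return;
            }

            // Message: "this {LinkUrl} address has no permission". The request path is passed as a
            // template argument instead of being interpolated, so caller-controlled text is
            // recorded as a structured value and cannot be parsed as part of the message template.
            _logger.LogError("此{LinkUrl}地址没有权限", linkurl);

            result.Message = MessageDefinitionType.Uncertified;
            result.Type    = Enums.AjaxResultType.Uncertified;
            context.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
            // Assigning context.Result is what terminates the request with the 403 payload.
            context.Result = new JsonResult(result);
        }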
 /// <summary>
 /// Authorization filter stub: reads the request's service provider and awaits a
 /// permission lookup for the empty key.
 /// </summary>
 /// <param name="context">Filter context for the request being authorized.</param>
 /// <remarks>
 /// NOTE(review): the value returned by <c>IsPermission</c> is discarded and
 /// <c>context.Result</c> is never assigned, so as written this filter never rejects a
 /// request. A real implementation must act on the lookup result and fail closed.
 /// </remarks>
 public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 {
     // Resolved but not used anywhere below.
     var requestServices = context.HttpContext.RequestServices;

     // Empty permission key; the outcome of the check is ignored.
     await _authority.IsPermission(string.Empty);
 }
        /// <summary>
        /// Authorization filter stub: awaits a permission lookup for the empty key and returns.
        /// </summary>
        /// <param name="context">Filter context for the request being authorized (not read here).</param>
        /// <remarks>
        /// NOTE(review): the lookup result is discarded and <c>context.Result</c> is never set,
        /// so this filter allows every request through. The decision logic is still to be
        /// written, and it should deny by default.
        /// </remarks>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            // Placeholder call: empty permission key, return value ignored.
            await _authority.IsPermission(string.Empty);
        }