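/// <summary>
/// Web API authorization filter: reads a JWT from the "token" request header, resolves its
/// UserID and RoleID claims into an ApplicationUser attached to the controller, and only then
/// runs the rest of the pipeline.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its request headers and controller are used.</param>
/// <param name="cancellationToken">Not observed by this filter; the continuation is awaited unconditionally.</param>
/// <param name="continuation">Invokes the remainder of the pipeline (later filters and the action).</param>
/// <returns>
/// The downstream response when the token yields an identity; otherwise 401 Unauthorized
/// (header missing or empty, token undecodable, or UserID/RoleID claims missing or non-integer).
/// </returns>
/// <exception cref="InvalidOperationException">The controller is not an ApiController, so no identity can be attached.</exception>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Fail closed: no "token" header, or a header with no value, means no identity.
    if (!actionContext.Request.Headers.TryGetValues("token", out IEnumerable<string> headers))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    var jwt = headers.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(jwt))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    int userId;
    int roleId;
    try
    {
        // Decode once and read both claims from the result (the original decoded the same token twice).
        // NOTE(review): whether Decode verifies the signature and expiry is not visible here — confirm,
        // because the two claims below are trusted as the caller's identity and role.
        var claims = JwtTools.Decode(jwtStr: jwt);
        userId = Convert.ToInt32(claims["UserID"]);
        roleId = Convert.ToInt32(claims["RoleID"]);
    }
    catch (Exception)
    {
        // A token that does not decode, or whose claims are absent or not integers, is rejected
        // with 401 instead of escaping the filter as an unhandled 500.
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    if (!(actionContext.ControllerContext.Controller is ApiController controller))
    {
        // The original "as" cast would dereference null here; make the misconfiguration explicit.
        throw new InvalidOperationException("Controller is not an ApiController; cannot attach the authenticated user.");
    }
    // NOTE(review): only the controller's User is set; if [Authorize] or the request principal is
    // consulted downstream, actionContext.RequestContext.Principal may need setting too — confirm.
    controller.User = new ApplicationUser(userId, roleId);
    return await continuation();
}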
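/// <summary>
/// Web API authorization filter: reads a JWT from the "token" request header, decodes it with
/// the application key (JwtTools.key), attaches an ApplicationUser built from the LoginName
/// claim to the controller, and then runs the rest of the pipeline.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its request headers and controller are used.</param>
/// <param name="cancellationToken">Not observed by this filter; the continuation is awaited unconditionally.</param>
/// <param name="continuation">Invokes the remainder of the pipeline (later filters and the action).</param>
/// <returns>
/// The downstream response when the token yields an identity; otherwise 401 Unauthorized
/// (header missing or empty, token undecodable, or LoginName claim missing).
/// </returns>
/// <exception cref="InvalidOperationException">The controller is not an ApiController, so no identity can be attached.</exception>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Read the token header; fail closed when it is absent or carries no value.
    if (!actionContext.Request.Headers.TryGetValues("token", out IEnumerable<string> token))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    var jwt = token.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(jwt))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    string loginName;
    try
    {
        // A null or missing LoginName claim throws here and is rejected below.
        loginName = JwtTools.Decode(jwt, JwtTools.key)["LoginName"].ToString();
    }
    catch (Exception)
    {
        // Undecodable or malformed token → 401 rather than an unhandled 500 from the filter.
        // (Assumes Decode throws on a token that fails verification — confirm against JwtTools.)
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    // Original note: User is an object implementing IIdentity; its Identity.Name and related
    // members are read-only, so a fresh principal is constructed and assigned rather than mutated.
    if (!(actionContext.ControllerContext.Controller is ApiController controller))
    {
        // The original "as" cast would dereference null here; make the misconfiguration explicit.
        throw new InvalidOperationException("Controller is not an ApiController; cannot attach the authenticated user.");
    }
    controller.User = new ApplicationUser(loginName);
    return await continuation();
}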
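/// <summary>
/// Web API authorization filter: actions marked [AllowAnonymous] pass straight through;
/// otherwise a JWT is read from the "token" request header, decoded with JwtTools.Key, and
/// its loginName/userId claims are attached to the controller as an ApplicationUser before
/// the rest of the pipeline runs.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its action descriptor, request headers and controller are used.</param>
/// <param name="cancellationToken">Not observed by this filter; the continuation is awaited unconditionally.</param>
/// <param name="continuation">Invokes the remainder of the pipeline (later filters and the action).</param>
/// <returns>
/// The downstream response for anonymous actions or a token that yields an identity; otherwise
/// 401 Unauthorized (header missing or empty, token undecodable, claims missing or userId non-integer).
/// </returns>
/// <exception cref="InvalidOperationException">The controller is not an ApiController, so no identity can be attached.</exception>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Actions marked [AllowAnonymous] bypass the filter entirely; no identity is attached for them.
    if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0)
    {
        return await continuation();
    }

    // Fail closed: no "token" header, or a header with no value, means no identity.
    if (!actionContext.Request.Headers.TryGetValues("token", out IEnumerable<string> headers))
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }
    var jwt = headers.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(jwt))
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }

    string loginName;
    int userId;
    try
    {
        // Decode once and read both claims from the result (the original decoded the same token twice).
        var claims = JwtTools.Decode(jwt, JwtTools.Key);
        loginName = claims["loginName"].ToString();
        userId = int.Parse(claims["userId"].ToString());
    }
    catch (Exception)
    {
        // Undecodable token, missing claim, or non-integer userId → 401 rather than an unhandled 500.
        // (Assumes Decode throws on a token that fails verification — confirm against JwtTools.)
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }

    if (!(actionContext.ControllerContext.Controller is ApiController controller))
    {
        // The original "as" cast would dereference null here; make the misconfiguration explicit.
        throw new InvalidOperationException("Controller is not an ApiController; cannot attach the authenticated user.");
    }
    // NOTE(review): only the controller's User is set; if [Authorize] or the request principal is
    // consulted downstream, actionContext.RequestContext.Principal may need setting too — confirm.
    controller.User = new ApplicationUser(loginName, userId);
    return await continuation();
}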
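/// <summary>
/// Web API authorization filter: reads a JWT from the "token" request header, resolves its
/// LoginName and UserId claims into an ApplicationUser attached to the controller, and then
/// runs the rest of the pipeline.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its request headers and controller are used.</param>
/// <param name="cancellationToken">Not observed by this filter; the continuation is awaited unconditionally.</param>
/// <param name="continuation">Invokes the remainder of the pipeline (later filters and the action).</param>
/// <returns>
/// The downstream response when the token yields an identity; otherwise 401 Unauthorized
/// (header missing or empty, token undecodable, or LoginName/UserId claims missing or non-integer).
/// </returns>
/// <exception cref="InvalidOperationException">The controller is not an ApiController, so no identity can be attached.</exception>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // request --> headers --> token; fail closed when the header is absent or carries no value.
    if (!actionContext.Request.Headers.TryGetValues("token", out IEnumerable<string> headers))
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }
    var jwt = headers.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(jwt))
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }

    string loginName;
    int userId;
    try
    {
        // Decode once and read both claims from the result (the original decoded the same token twice).
        // NOTE(review): whether Decode verifies the signature and expiry is not visible here — confirm,
        // because the claims below are trusted as the caller's identity.
        var claims = JwtTools.Decode(jwtStr: jwt);
        loginName = claims["LoginName"].ToString();
        // Convert.ToInt32 accepts a boxed int (all the original's unboxing cast allowed) as well as
        // a boxed long or numeric string, so the filter no longer depends on the decoder's exact numeric type.
        userId = Convert.ToInt32(claims["UserId"]);
    }
    catch (Exception)
    {
        // Undecodable token or missing/non-integer claim → 401 rather than an unhandled 500.
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }

    if (!(actionContext.ControllerContext.Controller is ApiController controller))
    {
        // The original "as" cast would dereference null here; make the misconfiguration explicit.
        throw new InvalidOperationException("Controller is not an ApiController; cannot attach the authenticated user.");
    }
    controller.User = new ApplicationUser(loginName, userId);
    // The continuation is asynchronous, so it must be awaited. The original's trailing
    // NotImplementedException after the return was unreachable and has been removed.
    return await continuation();
}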
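/// <summary>
/// Web API authorization filter: actions marked [AllowAnonymous] pass straight through;
/// otherwise a JWT is read from the "token" request header and its username/userid claims
/// are attached to the controller as an ApplicationUser before the rest of the pipeline runs.
/// </summary>
/// <param name="actionContext">Context of the action being authorized; its action descriptor, request headers and controller are used.</param>
/// <param name="cancellationToken">Not observed by this filter; the continuation is awaited unconditionally.</param>
/// <param name="continuation">Invokes the remainder of the pipeline (later filters and the action).</param>
/// <returns>
/// The downstream response for anonymous actions or a token that yields an identity; otherwise
/// 401 Unauthorized (header missing or empty, token undecodable, claims missing or userid not a GUID).
/// </returns>
/// <exception cref="InvalidOperationException">The controller is not an ApiController, so no identity can be attached.</exception>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Actions carrying [AllowAnonymous] skip the filter; no identity is attached for them.
    if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0)
    {
        return await continuation();
    }

    // request --> headers --> token; fail closed when the header is absent or carries no value.
    if (!actionContext.Request.Headers.TryGetValues("token", out IEnumerable<string> headers))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }
    var jwt = headers.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(jwt))
    {
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    string loginName;
    Guid userId;
    try
    {
        // Decode once and read both claims from the result (the original decoded the same token twice).
        // NOTE(review): whether Decode verifies the signature and expiry is not visible here — confirm,
        // because the claims below are trusted as the caller's identity.
        var claims = JwtTools.Decode(jwt);
        loginName = claims["username"].ToString();
        // Guid.TryParse replaces Guid.Parse so a malformed userid is a 401, not a FormatException.
        if (!Guid.TryParse(claims["userid"].ToString(), out userId))
        {
            return new HttpResponseMessage(HttpStatusCode.Unauthorized);
        }
    }
    catch (Exception)
    {
        // Undecodable token or missing claim → 401 rather than an unhandled 500 from the filter.
        return new HttpResponseMessage(HttpStatusCode.Unauthorized);
    }

    if (!(actionContext.ControllerContext.Controller is ApiController controller))
    {
        // The original "as" cast would dereference null here; make the misconfiguration explicit.
        throw new InvalidOperationException("Controller is not an ApiController; cannot attach the authenticated user.");
    }
    controller.User = new ApplicationUser(loginName, userId);
    return await continuation();
}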