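/// <summary>
/// Authorization filter step: lets the request continue only when the caller is
/// authenticated and carries a claim whose value equals <c>_permissionCliam</c>.
/// </summary>
/// <param name="context">Filter context for the current request; its <c>Result</c> is set when access is denied.</param>
/// <remarks>
/// An unauthenticated caller gets the body produced by <c>ApiResultModel.Unauthorized()</c>;
/// an authenticated caller without the permission gets <c>ApiResultModel.Forbidden()</c>.
/// In both cases the HTTP status code is copied from the result's <c>Status</c>.
/// </remarks>
public void OnAuthorization(AuthorizationFilterContext context)
{
    // Writes the denial as the action result and mirrors its status onto the HTTP response.
    void Deny(ApiResultModel<bool> denial)
    {
        context.Result = new JsonResult(denial);
        context.HttpContext.Response.StatusCode = denial.Status;
    }

    var user = context.HttpContext.User;

    // Fail closed: a principal without an identity is handled as unauthenticated
    // instead of surfacing a NullReferenceException from this filter.
    if (user?.Identity?.IsAuthenticated != true)
    {
        var unauthorized = new ApiResultModel<bool>();
        unauthorized.Unauthorized();
        Deny(unauthorized);
        return;
    }

    // NOTE(review): the match is on the claim VALUE only. Claim type and issuer are not
    // checked here, so a claim of any type that happens to carry this value satisfies the
    // permission. Confirm how permission claims are issued and consider also filtering on
    // the dedicated permission claim type.
    var grantingClaim = user.Claims.FirstOrDefault(x => x.Value.Equals(_permissionCliam));

    // isNOEOW() is a project extension (presumably a null/empty/whitespace test - confirm);
    // it keeps an empty permission value from ever granting access.
    if (grantingClaim == null || grantingClaim.Value.isNOEOW())
    {
        var forbidden = new ApiResultModel<bool>();
        forbidden.Forbidden();
        Deny(forbidden);
    }
}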
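/// <summary>
/// Action filter step that gates the action on a client header before calling <paramref name="next"/>.
/// </summary>
/// <param name="context">Context of the action about to run; its <c>Result</c> is set when the request is rejected.</param>
/// <param name="next">Delegate that continues the filter pipeline; invoked only when the checks pass.</param>
/// <returns>A task that completes when the request has been rejected or the rest of the pipeline has run.</returns>
/// <remarks>
/// When <c>isCheckCleint</c> is set, the header named by <c>ClientKeyHeaderName</c> must be present
/// and must match the value stored in the distributed cache under
/// <c>CacheModel.ApiKey + client.GetClientID()</c>. Otherwise only the presence of the header named
/// by <c>ClientApiHeaderName</c> is required.
/// </remarks>
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
    // Short-circuits the pipeline with the body and status produced by ApiResultModel.Unauthorized.
    void Reject(string message)
    {
        var denial = new ApiResultModel<bool>();
        denial.Unauthorized(message);
        context.Result = new JsonResult(denial);
        context.HttpContext.Response.StatusCode = denial.Status;
    }

    if (isCheckCleint)
    {
        if (!context.HttpContext.Request.Headers.TryGetValue(ClientKeyHeaderName, out var potentialClientKey))
        {
            Reject("Client Key: is required");
            return;
        }

        // The cache is resolved only on the path that reads from it.
        var cache = context.HttpContext.RequestServices.GetRequiredService<IDistributedCache>();
        var client = new ClientInfomation(context.HttpContext);
        var storedKey = await cache.GetAsync(CacheModel.ApiKey + client.GetClientID());

        // StringValues converts to a single string (multiple header values are comma-joined).
        string presentedKey = potentialClientKey;

        // The header is attacker-controlled and the cached value is a secret, so compare the
        // UTF-8 bytes in constant time rather than with string.Equals, which returns at the
        // first differing character. A missing cache entry or empty header fails closed.
        var keyMatches = storedKey != null
            && presentedKey != null
            && System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                storedKey,
                Encoding.UTF8.GetBytes(presentedKey));

        if (!keyMatches)
        {
            Reject("Client Key is invalid, please reopen your appication");
            return;
        }
    }
    // NOTE(review): this branch only checks that the API-key header is PRESENT; its value is
    // never compared against anything in this method, so any value passes. Confirm that the
    // key is validated elsewhere, or validate it here.
    else if (!context.HttpContext.Request.Headers.TryGetValue(ClientApiHeaderName, out _))
    {
        Reject("API Key: is required");
        return;
    }

    await next();
}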