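public void OnAuthorization(AuthorizationFilterContext context)
        {
            // Authorization filter: unauthenticated callers get a 401 body, authenticated
            // callers without the configured permission claim get a 403 body. The body is
            // an ApiResultModel<bool> serialised as JSON and the HTTP status is copied from
            // result.Status. Nothing is written on success, so the pipeline continues.
            var user = context.HttpContext.User;

            // Writes the rejection body and mirrors its status onto the response.
            void Deny(ApiResultModel<bool> result)
            {
                context.Result = new JsonResult(result);
                context.HttpContext.Response.StatusCode = result.Status;
            }

            // A ClaimsPrincipal with no identities has a null Identity; treat that as
            // unauthenticated (401) instead of letting it throw a NullReferenceException (500).
            if (user?.Identity?.IsAuthenticated != true)
            {
                var result = new ApiResultModel<bool>();
                result.Unauthorized();
                Deny(result);
                return;
            }

            // NOTE(review): the match is on claim value only, not on claim type, so any claim
            // whose value equals _permissionCliam satisfies it. Confirm the token issuer cannot
            // put that value into an unrelated claim, or match on the expected claim type too.
            var permissionClaim = user.Claims.FirstOrDefault(c => c.Value.Equals(_permissionCliam));

            if (permissionClaim == null || permissionClaim.Value.isNOEOW())
            {
                var result = new ApiResultModel<bool>();
                result.Forbidden();
                Deny(result);
                return;
            }
        }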
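        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // Action filter gating the request on a per-client key (when isCheckCleint is set)
            // or on the presence of an API-key header (otherwise). A rejection is written as a
            // JSON ApiResultModel<bool> with the matching status code and next() is not called,
            // which short-circuits the action.
            var cache = context.HttpContext.RequestServices.GetRequiredService<IDistributedCache>();

            // Writes a 401 body with the given message and mirrors its status onto the response.
            void Reject(string message)
            {
                var result = new ApiResultModel<bool>();
                result.Unauthorized(message);
                context.Result = new JsonResult(result);
                context.HttpContext.Response.StatusCode = result.Status;
            }

            if (isCheckCleint)
            {
                if (!context.HttpContext.Request.Headers.TryGetValue(ClientKeyHeaderName, out var potentialClientKey))
                {
                    Reject("Client Key: is required");
                    return;
                }

                var client = new ClientInfomation(context.HttpContext);
                // Flow the request-aborted token so an abandoned request stops waiting on the cache.
                var cached = await cache.GetAsync(CacheModel.ApiKey + client.GetClientID(), context.HttpContext.RequestAborted);
                string expectedKey = cached is null ? null : Encoding.UTF8.GetString(cached);
                // StringValues -> string; null when the header is present but carries no value.
                string presentedKey = potentialClientKey;

                // Fixed-time comparison so the response timing does not depend on how many
                // leading bytes of the presented key match the stored one.
                if (expectedKey is null || presentedKey is null
                    || !System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(
                        Encoding.UTF8.GetBytes(expectedKey), Encoding.UTF8.GetBytes(presentedKey)))
                {
                    Reject("Client Key is invalid, please reopen your appication");
                    return;
                }
            }
            else if (!context.HttpContext.Request.Headers.TryGetValue(ClientApiHeaderName, out _))
            {
                // NOTE(review): only the presence of the API-key header is checked in this
                // branch; its value is not verified here. Confirm it is validated downstream.
                Reject("API Key: is required");
                return;
            }

            await next();
        }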