public void OnAuthorization(AuthorizationFilterContext context)
        {
            var user = context.HttpContext.User;

            //var xxx = _permissionCliam;
            if (!user.Identity.IsAuthenticated)
            {
                var result = new ApiResultModel <bool>();
                result.Unauthorized();
                context.Result = new JsonResult(result);
                context.HttpContext.Response.StatusCode = result.Status;
                return;
            }
            //return;
            //// you can also use registered services
            //var someService = context.HttpContext.RequestServices.GetRequiredService<IConfiguration>();
            var alowAccess = user.Claims.Where(x => x.Value.Equals(_permissionCliam)).FirstOrDefault();

            if (alowAccess == null || alowAccess.Value.isNOEOW())
            {
                var result = new ApiResultModel <bool>();
                result.Forbidden();
                context.Result = new JsonResult(result);
                context.HttpContext.Response.StatusCode = result.Status;
                return;
            }
            return;
        }
Esempio n. 2
0
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var cache  = context.HttpContext.RequestServices.GetRequiredService <IDistributedCache>();
            var result = new ApiResultModel <bool>();

            if (isCheckCleint)
            {
                if (!context.HttpContext.Request.Headers.TryGetValue(ClientKeyHeaderName, out var potentialClientKey))
                {
                    result = new ApiResultModel <bool>();
                    result.Unauthorized("Client Key: is required");
                    context.Result = new JsonResult(result);
                    context.HttpContext.Response.StatusCode = result.Status;
                    return;
                }
                var    client    = new ClientInfomation(context.HttpContext);
                string clientKey = null;
                var    value     = await cache.GetAsync(CacheModel.ApiKey + client.GetClientID());

                if (value != null)
                {
                    clientKey = Encoding.UTF8.GetString(value);
                }

                if (clientKey == null || !clientKey.Equals(potentialClientKey))
                {
                    result = new ApiResultModel <bool>();
                    result.Unauthorized("Client Key is invalid, please reopen your appication");
                    context.Result = new JsonResult(result);
                    context.HttpContext.Response.StatusCode = result.Status;
                    return;
                }
            }
            else if (!context.HttpContext.Request.Headers.TryGetValue(ClientApiHeaderName, out var potentialClientApi))
            {
                result = new ApiResultModel <bool>();
                result.Unauthorized("API Key: is required");
                context.Result = new JsonResult(result);
                context.HttpContext.Response.StatusCode = result.Status;
                return;
            }
            await next();
        }