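public override void OnActionExecuting(HttpActionContext actionContext)
{
    // Authenticates the request from its "token" header and binds the matching
    // volunteer as the current principal before the action runs.
    //
    // Every rejection path calls the unauthorized helper and then returns, so
    // the remaining checks (and the action) are never reached even if that
    // helper is ever changed to signal failure without throwing (fail closed).
    //
    // NOTE(review): this is an action filter, so it executes after
    // authorization filters and after parameter binding. Anything that runs
    // earlier in the pipeline therefore sees an unauthenticated request;
    // confirm that is acceptable, or move this check into an
    // authorization filter.

    IEnumerable<string> tokenValues;
    if (!actionContext.Request.Headers.TryGetValues("token", out tokenValues) || tokenValues == null)
    {
        // No token header at all.
        throwUnanthorizedException();
        return;
    }

    // Only the first header value is honoured. FirstOrDefault (rather than
    // indexing) avoids an exception, i.e. a 500 instead of a 401, when the
    // header is present but carries no value.
    string token = tokenValues.FirstOrDefault();
    if (string.IsNullOrWhiteSpace(token))
    {
        throwUnanthorizedException();
        return;
    }

    // Token not known to the store.
    // NOTE(review): the raw token string is the lookup key, so the store
    // presumably holds tokens in plaintext; hashing before storage/lookup
    // limits the damage of a database leak — confirm with VolunteerService.
    VolunteerToken volunteerToken = VolunteerService.GetToken(token);
    if (volunteerToken == null)
    {
        throwUnanthorizedException();
        return;
    }

    // Token expired. The comparison is against UTC and DateTime comparison
    // ignores Kind, so this assumes ExpiredTime was written as UTC —
    // TODO confirm on the write side.
    if (volunteerToken.ExpiredTime < DateTime.UtcNow)
    {
        throwUnanthorizedException();
        return;
    }

    // The volunteer must exist and must not be in a state that forbids
    // acting: deactivated, temporarily locked after wrong passwords, or
    // registered with an unverified phone number.
    Volunteer volunteer = VolunteerService.GetVolunteer(volunteerToken.VolunteerId);
    if (volunteer == null
        || volunteer.Status == EnumUserStatus.注销
        || volunteer.Status == EnumUserStatus.密码输入错误临时锁定
        || volunteer.Status == EnumUserStatus.注册未验证手机)
    {
        throwUnanthorizedException();
        return;
    }

    // Record token activity before granting the identity, so a failed update
    // never leaves a principal bound to a request that is then rejected.
    if (!VolunteerService.UpdateTokenActiveTime(volunteer.Id))
    {
        throwUnanthorizedException();
        return;
    }

    SetPrincipal(new VolunteerPrincipal(volunteer));
    base.OnActionExecuting(actionContext);
}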