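/// <summary>
/// Web API authorization filter: decides whether the current request may reach the action.
/// </summary>
/// <remarks>
/// Order of checks:
/// 1. If <c>Utility.IsSuppressed</c> reports that the action opts out of authorization, the
///    continuation runs with no further checks.
/// 2. The request principal must be an authenticated <c>CredentialPrincipal</c>; otherwise 401.
///    (The previous version ran the role/schema checks only when the principal was a
///    <c>CredentialPrincipal</c> and otherwise fell through to the continuation, so a missing
///    or differently-typed principal bypassed authorization entirely. The filter now fails closed.)
/// 3. If the attribute declares roles, the user must satisfy <c>authorizer.InRoles</c>; otherwise 403.
/// 4. If the attribute names a schema, <c>authorizer.Authorize</c> must accept the user for that
///    schema/action; otherwise 403.
/// </remarks>
/// <param name="actionContext">Context of the action being invoked; supplies the action descriptor and the request principal.</param>
/// <param name="cancellationToken">Not observed by this filter; the continuation is awaited as-is.</param>
/// <param name="continuation">Next step of the pipeline, invoked only when authorization is suppressed or passes.</param>
/// <returns>The continuation's response, or a 401/403 response produced here.</returns>
/// <exception cref="InvalidOperationException">Thrown when <c>Authorizer</c> is null and authorization is not suppressed.</exception>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Actions marked as suppressing authorization go straight to the next step.
    if (Utility.IsSuppressed(actionContext.ActionDescriptor, out var attribute))
    {
        return await continuation();
    }

    var authorizer = this.Authorizer ?? throw new InvalidOperationException("Missing required authorizer.");

    // Fail closed: anything that is not an authenticated CredentialPrincipal is rejected with 401.
    // Previously a null principal or a principal of another type skipped the role and schema
    // checks below and let the request through.
    // NOTE(review): if another authentication scheme is expected to hand a different principal
    // type to this filter, extend this check for that type rather than reopening the bypass.
    var principal = actionContext.RequestContext.Principal as CredentialPrincipal;
    if (principal == null || !principal.Identity.IsAuthenticated)
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }

    var user = principal.Identity.Credential.User;

    // Role gate: applies only when the attribute declares roles.
    if (attribute.TryGetRoles(out var roles) && !authorizer.InRoles(user, roles))
    {
        return Forbidden(Resources.ResourceUtility.GetString("Text.Forbidden.NotInRoles", string.Join(",", roles)));
    }

    // Schema/action gate: applies only when the attribute names a schema.
    if (!string.IsNullOrEmpty(attribute.Schema))
    {
        var action = actionContext.GetSchemaAction(attribute.Schema, attribute.Action, out var schema);

        // Resolved action name wins over the raw attribute value when the schema knows the action.
        var actionName = action != null ? action.Name : attribute.Action;

        if (!authorizer.Authorize(user, attribute.Schema, actionName))
        {
            return Forbidden(Resources.ResourceUtility.GetString(
                "Text.Forbidden.NotAuthorized",
                schema != null ? schema.Title : attribute.Schema,
                action != null ? action.Title : attribute.Action));
        }
    }

    return await continuation();
}

/// <summary>Builds a 403 response whose body is <paramref name="message"/> as UTF-8 text/plain.</summary>
/// <param name="message">Human-readable reason for the refusal.</param>
/// <returns>A new <see cref="HttpResponseMessage"/> with status 403.</returns>
private static HttpResponseMessage Forbidden(string message)
{
    return new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
    {
        Content = new StringContent(message, System.Text.Encoding.UTF8, "text/plain"),
    };
}

#endregion
}
}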