コード例 #1
        /// <summary>
        /// Attaches a fresh <c>RequestTracker</c> to the request before the action runs,
        /// unless the action opts out via <c>DoNotTrackAttribute</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            var optedOut = actionContext.IsUseAttributeOf<DoNotTrackAttribute>();
            if (!optedOut)
            {
                var requestTracker = new RequestTracker();

                // Stored under the "Tracker" key on the request's property bag, then started.
                // NOTE(review): what Start() records is not visible here; confirm it does not
                // capture credentials or the Authorization header.
                actionContext.Request.Properties["Tracker"] = requestTracker;
                requestTracker.Start(actionContext);
            }
        }
コード例 #2
        /// <summary>
        /// Runs the authorization checks for an action: skipped entirely when the action is
        /// marked with <c>AllowAnonymousAttribute</c>; otherwise <c>IsAuthorized</c> is called
        /// and, only if it succeeds, <c>ValidateRequest</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var anonymousAllowed = actionContext.IsUseAttributeOf<AllowAnonymousAttribute>();

            // NOTE(review): this method never writes a response or throws on failure. A denial
            // only takes effect if IsAuthorized / ValidateRequest set a response on
            // actionContext themselves; any path in them that returns false without doing so
            // would presumably let the pipeline continue to the action (fail-open). Confirm
            // that every false return there also produces an error response.
            if (!anonymousAllowed && IsAuthorized(actionContext))
            {
                // Return value intentionally unused: nothing follows this call.
                ValidateRequest(actionContext);
            }
        }
コード例 #3
        /// <summary>
        /// Decides whether the current principal may execute the action. An authenticated
        /// principal must carry a <c>BasicAuthenticationIdentity</c>, whose name and password
        /// are re-checked through <c>UserBusiness.ValidateLogin</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <returns>
        /// <c>true</c> only when the login validation succeeds; <c>false</c> in every other case.
        /// </returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // Prefer the thread principal; fall back to the ASP.NET context user if it is absent.
            var principal = Thread.CurrentPrincipal;
            if (principal == null && HttpContext.Current != null)
            {
                principal = HttpContext.Current.User;
            }

            var currentIdentity = principal?.Identity;
            if (currentIdentity == null)
            {
                // NOTE(review): returns false without writing an error response. The caller
                // must turn this into a rejection, otherwise the request may still reach the
                // action. Verify against the OnAuthorization override.
                return false;
            }

            if (!currentIdentity.IsAuthenticated)
            {
                // An error response is produced only for actions carrying AuthorizeAttribute.
                // NOTE(review): for other actions this returns false silently, so access
                // control there depends entirely on how the caller handles false. Confirm
                // this opt-in model is intended.
                if (actionContext.IsUseAttributeOf<AuthorizeAttribute>())
                {
                    actionContext.CreateErrorResponse("用户未登录!");
                }

                return false;
            }

            var basicIdentity = currentIdentity as BasicAuthenticationIdentity;
            if (basicIdentity is null)
            {
                // Authenticated by some other scheme: rejected, again without a response.
                return false;
            }

            // The identity carries the password and it is re-validated on every request.
            // NOTE(review): confirm ValidateLogin compares against a salted password hash and
            // that result.Message, which is sent back to the client on failure, does not
            // reveal whether the user name exists.
            var loginResult = new UserBusiness(new Context(basicIdentity.Name))
                .ValidateLogin(basicIdentity.Name, basicIdentity.Password);

            if (loginResult.IsValid)
            {
                actionContext.RequestContext.Principal         = principal;
                actionContext.Request.Properties["Known_User"] = loginResult.Data;
            }
            else
            {
                actionContext.CreateErrorResponse(loginResult.Message);
            }

            return loginResult.IsValid;
        }