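/// <summary>
/// Checks whether the caller is allowed to execute the current action, then validates the
/// bound parameters. A failed check short-circuits the action by assigning
/// <c>actionContext.Response</c>.
/// </summary>
/// <remarks>
/// The ticket is taken from the forms-authentication cookie when it is present (and, as before,
/// mirrored into the request's Authorization header), otherwise from the Authorization header
/// the caller sent. An authorization failure wins over a model-state error — the same net
/// outcome as the original code, which wrote the validation response first and then overwrote
/// it in the authorization branches.
/// </remarks>
/// <param name="actionContext">The Web API action context; its Response is set on failure.</param>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    string encryptTicket = ResolveTicket(actionContext);

    if (encryptTicket != null)
    {
        // Decrypt the ticket and check that user name and password match (ValidateUserTicket).
        if (!ValidateUserTicket(encryptTicket))
        {
            actionContext.Response = Web_Response.ResponseResult(
                new ResponseModel()
                {
                    StatusCode = HttpStatusCode.Unauthorized,
                    ErrorMsg = "登录失效"
                });
            return;
        }
    }
    else if (!IsAnonymousAction(actionContext))
    {
        // No ticket in the cookie or the header and the action is not marked [AllowAnonymous].
        actionContext.Response = Web_Response.ResponseResult(
            new ResponseModel()
            {
                StatusCode = HttpStatusCode.Unauthorized,
                ErrorMsg = "未授权访问"
            });
        return;
    }

    // Validate the Web API parameters/attributes only for callers that passed the checks above,
    // so validation messages are not handed to unauthenticated callers.
    if (!actionContext.ModelState.IsValid)
    {
        // The original indexed FirstOrDefault(...).Value directly, which dereferences a default
        // KeyValuePair (null Value) if no entry carries an error; filter first instead.
        string firstError = actionContext.ModelState
            .Where(item => item.Value.Errors.Count > 0)
            .Select(item => item.Value.Errors[0].ErrorMessage)
            .FirstOrDefault();
        actionContext.Response = Web_Response.ResponseResult(
            new ResponseModel()
            {
                StatusCode = HttpStatusCode.OK,
                ErrorMsg = firstError
            });
    }

    base.OnActionExecuting(actionContext);
}

/// <summary>
/// Returns the encrypted ticket to validate: the forms-authentication cookie value when the
/// cookie is present, otherwise the parameter of the caller's Authorization header, or null
/// when neither exists. When the cookie is used it is also copied into the Authorization
/// header so downstream code observes the same header the original code produced.
/// </summary>
private static string ResolveTicket(HttpActionContext actionContext)
{
    // HttpContext.Current is null outside the ASP.NET pipeline (self-host, tests).
    var httpContext = HttpContext.Current;
    var cookie = httpContext == null
        ? null
        : httpContext.Request.Cookies[FormsAuthentication.FormsCookieName];

    if (cookie != null)
    {
        // AuthenticationHeaderValue requires the scheme to be a valid HTTP token. Identity.Name
        // is empty when the cookie exists but the forms ticket was not accepted (e.g. expired),
        // and user names may contain characters that are not token characters; in both cases
        // the original constructor call threw and the request failed instead of being rejected
        // as unauthenticated. Mirroring the header is best-effort; the ticket is validated from
        // the cookie value regardless.
        string scheme = httpContext.User != null && httpContext.User.Identity != null
            ? httpContext.User.Identity.Name
            : null;
        if (!string.IsNullOrEmpty(scheme))
        {
            try
            {
                actionContext.Request.Headers.Authorization =
                    new System.Net.Http.Headers.AuthenticationHeaderValue(scheme, cookie.Value);
            }
            catch (FormatException)
            {
                // Scheme or parameter is not a valid header token; leave the header untouched.
            }
        }
        return cookie.Value;
    }

    // No cookie: fall back to the Authorization header supplied by the calling party.
    var authorization = actionContext.Request.Headers.Authorization;
    return authorization != null ? authorization.Parameter : null;
}

/// <summary>
/// True when the action itself carries <see cref="AllowAnonymousAttribute"/>.
/// NOTE(review): only the action descriptor is inspected, as in the original; an
/// [AllowAnonymous] placed on the controller is not honoured here — confirm that is intended.
/// </summary>
private static bool IsAnonymousAction(HttpActionContext actionContext)
{
    return actionContext.ActionDescriptor
        .GetCustomAttributes<AllowAnonymousAttribute>()
        .Any();
}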
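/// <summary>
/// Logs the unhandled exception of the current request to a per-day text file and replaces the
/// response with a 500 envelope.
/// </summary>
/// <param name="context">The executed-action context carrying the exception and the request.</param>
public override void OnException(HttpActionExecutedContext context)
{
    try
    {
        // Snapshot the clock once so the log file name and the logged timestamp cannot disagree
        // when the request straddles midnight.
        DateTime now = DateTime.Now;
        string path = HttpContext.Current.Server.MapPath(
            "/Logs/WebApi/" + now.Year + "_" + now.Month + "_" + now.Day + ".txt");

        Exception ex = context.Exception;
        StringBuilder errMsg = new StringBuilder();
        errMsg.Append("请求地址:" + context.Request.RequestUri + "\r\n");
        // Invariant culture keeps the ":" time separator literal regardless of server locale.
        errMsg.Append("请求时间:" + now.ToString("yyyy-MM-dd HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture) + "\r\n");
        errMsg.Append("请求IP:" + Common.IPHelper.GetIP() + "\r\n");
        errMsg.Append("错误消息:" + ex.Message + "\r\n");
        // TargetSite is null for exceptions that were never thrown or lost it crossing a
        // boundary; the unconditional ToString() would itself throw from inside the filter.
        errMsg.Append("错误方法:" + (ex.TargetSite != null ? ex.TargetSite.ToString() : "") + "\r\n");
        errMsg.Append("错误对象:" + ex.Source + "\r\n");
        errMsg.Append("栈堆信息:" + ex.StackTrace + "\r\n");
        Common.FileHelper.WriteLog(path, true, errMsg.ToString());
    }
    finally
    {
        // NOTE(review): the raw exception message is echoed to the client; it can carry internal
        // paths, connection details or query fragments. A generic message here, with the detail
        // kept only in the log file, would avoid that disclosure.
        context.Response = Web_Response.ResponseResult(
            new ResponseModel()
            {
                StatusCode = HttpStatusCode.InternalServerError,
                ErrorMsg = "服务器响应失败,错误原因:" + context.Exception.Message
            });
    }
}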