예제 #1
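        /// <summary>
        /// Authorization filter entry point. Reads the JWT from the custom <c>token</c> request header,
        /// builds an <c>ApplicationUser</c> from its <c>UserID</c> and <c>RoleID</c> claims, attaches it to
        /// the controller and then runs the rest of the pipeline.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <param name="cancellationToken">Cancellation token supplied by the pipeline; not consulted here.</param>
        /// <param name="continuation">Delegate that runs the remaining filters and the action.</param>
        /// <returns>
        /// The continuation's response when a usable token is present; otherwise a 401 Unauthorized response.
        /// </returns>
        /// <exception cref="InvalidOperationException">The target controller is not an <c>ApiController</c>.</exception>
        public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            IEnumerable<string> headers;
            if (!actionContext.Request.Headers.TryGetValues("token", out headers))
            {
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            int userId;
            int roleId;
            try
            {
                // Decode once and read both claims from the same payload instead of decoding per claim.
                // NOTE(review): the identity built below is only as trustworthy as JwtTools.Decode.
                // Confirm that it verifies the signature and expiry rather than just parsing the payload.
                var claims = JwtTools.Decode(jwtStr: headers.First());
                userId = Convert.ToInt32(claims["UserID"]);
                roleId = Convert.ToInt32(claims["RoleID"]);
            }
            catch (Exception)
            {
                // Fail closed: a malformed, rejected or incomplete token is an authentication failure,
                // so answer 401 instead of letting the exception surface as a server error.
                // The catch is deliberately broad because the exception types thrown by JwtTools.Decode
                // are not visible from this method.
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            var controller = actionContext.ControllerContext.Controller as ApiController;
            if (controller == null)
            {
                // Without an ApiController there is nowhere to attach the principal; stop here rather
                // than hit a NullReferenceException or continue unauthenticated.
                throw new InvalidOperationException("The token authorization filter requires an ApiController.");
            }

            controller.User = new ApplicationUser(userId, roleId);

            // Kept outside the try block so exceptions thrown by the action are not reported as 401.
            return await continuation();
        }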
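        /// <summary>
        /// Authorization filter entry point. Reads the JWT from the custom <c>token</c> request header,
        /// decodes it with <c>JwtTools.key</c>, and attaches an <c>ApplicationUser</c> built from the
        /// <c>LoginName</c> claim to the controller before running the rest of the pipeline.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <param name="cancellationToken">Cancellation token supplied by the pipeline; not consulted here.</param>
        /// <param name="continuation">Delegate that runs the remaining filters and the action.</param>
        /// <returns>
        /// The continuation's response when a usable token is present; otherwise a 401 Unauthorized response.
        /// </returns>
        /// <exception cref="InvalidOperationException">The target controller is not an <c>ApiController</c>.</exception>
        public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            // Fetch the token header.
            IEnumerable<string> token;
            if (!actionContext.Request.Headers.TryGetValues("token", out token))
            {
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            string loginName;
            try
            {
                // NOTE(review): presumably Decode validates the signature against JwtTools.key.
                // Confirm this, and confirm that the key is loaded from protected configuration
                // rather than compiled into the assembly.
                loginName = JwtTools.Decode(token.First(), JwtTools.key)["LoginName"].ToString();
            }
            catch (Exception)
            {
                // Fail closed: a malformed or rejected token, or a missing LoginName claim, is an
                // authentication failure and must yield 401 rather than a server error.
                // The catch is deliberately broad because the exception types thrown by JwtTools.Decode
                // are not visible from this method.
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            var controller = actionContext.ControllerContext.Controller as ApiController;
            if (controller == null)
            {
                // Without an ApiController there is nowhere to attach the principal; stop here rather
                // than hit a NullReferenceException or continue unauthenticated.
                throw new InvalidOperationException("The token authorization filter requires an ApiController.");
            }

            // User holds an object whose identity members (Identity.Name and so on) are read-only,
            // so a fresh ApplicationUser has to be created and assigned.
            controller.User = new ApplicationUser(loginName);

            // Kept outside the try block so exceptions thrown by the action are not reported as 401.
            return await continuation();
        }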
예제 #3
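 /// <summary>
 /// Authorization filter entry point. Actions marked <c>[AllowAnonymous]</c> run without a token.
 /// Every other action needs a JWT in the custom <c>token</c> request header, whose <c>loginName</c>
 /// and <c>userId</c> claims become the controller's <c>ApplicationUser</c>.
 /// </summary>
 /// <param name="actionContext">Context of the action being authorized.</param>
 /// <param name="cancellationToken">Cancellation token supplied by the pipeline; not consulted here.</param>
 /// <param name="continuation">Delegate that runs the remaining filters and the action.</param>
 /// <returns>
 /// The continuation's response for anonymous actions or when a usable token is present;
 /// otherwise a 401 Unauthorized response.
 /// </returns>
 /// <exception cref="InvalidOperationException">The target controller is not an <c>ApiController</c>.</exception>
 public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
 {
     // Skip validation when the action carries the AllowAnonymous attribute.
     // NOTE(review): only the action descriptor is inspected, so an [AllowAnonymous] placed on the
     // controller class is not honoured here. Confirm that this is intended.
     if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0)
     {
         return await continuation();
     }

     if (!actionContext.Request.Headers.TryGetValues("token", out IEnumerable<string> headers))
     {
         return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
     }

     // FirstOrDefault() yields null for a header with no values; treat that like a missing token.
     string rawToken = headers.FirstOrDefault();
     if (string.IsNullOrWhiteSpace(rawToken))
     {
         return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
     }

     string loginName;
     int userId;
     try
     {
         // Decode once and read both claims from the same payload instead of decoding per claim.
         // NOTE(review): presumably Decode validates the signature against JwtTools.Key.
         // Confirm this, and confirm that the key is loaded from protected configuration.
         var claims = JwtTools.Decode(rawToken, JwtTools.Key);
         loginName = claims["loginName"].ToString();
         userId = int.Parse(claims["userId"].ToString());
     }
     catch (Exception)
     {
         // Fail closed: a malformed or rejected token, a missing claim or a non-numeric userId is an
         // authentication failure and must yield 401 rather than a server error.
         // The catch is deliberately broad because the exception types thrown by JwtTools.Decode
         // are not visible from this method.
         return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
     }

     if (!(actionContext.ControllerContext.Controller is ApiController controller))
     {
         // Without an ApiController there is nowhere to attach the principal; stop here rather
         // than hit a NullReferenceException or continue unauthenticated.
         throw new InvalidOperationException("The token authorization filter requires an ApiController.");
     }

     controller.User = new ApplicationUser(loginName, userId);

     // Kept outside the try block so exceptions thrown by the action are not reported as 401.
     return await continuation();
 }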
예제 #4
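        /// <summary>
        /// Authorization filter entry point. Reads the JWT from the custom <c>token</c> request header,
        /// builds an <c>ApplicationUser</c> from its <c>LoginName</c> and <c>UserId</c> claims, attaches it
        /// to the controller and then runs the rest of the pipeline.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <param name="cancellationToken">Cancellation token supplied by the pipeline; not consulted here.</param>
        /// <param name="continuation">Delegate that runs the remaining filters and the action.</param>
        /// <returns>
        /// The continuation's response when a usable token is present; otherwise a 401 Unauthorized response.
        /// </returns>
        /// <exception cref="InvalidOperationException">The target controller is not an <c>ApiController</c>.</exception>
        public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            // Look up request -> headers -> token.
            IEnumerable<string> headers;
            if (!actionContext.Request.Headers.TryGetValues(name: "token", out headers))
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            string loginName;
            int userId;
            try
            {
                // The header carried a token: decode it once and read both claims from that payload.
                // NOTE(review): the identity built below is only as trustworthy as JwtTools.Decode.
                // Confirm that it verifies the signature and expiry rather than just parsing the payload.
                var claims = JwtTools.Decode(jwtStr: headers.First());
                loginName = claims["LoginName"].ToString();
                // NOTE(review): this direct cast only succeeds if the claim value is exactly an int.
                // Verify the numeric type that Decode produces for UserId.
                userId = (int)claims["UserId"];
            }
            catch (Exception)
            {
                // Fail closed: a malformed or rejected token, or a missing or mistyped claim, is an
                // authentication failure and must yield 401 rather than a server error.
                // The catch is deliberately broad because the exception types thrown by JwtTools.Decode
                // are not visible from this method.
                return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }

            var controller = actionContext.ControllerContext.Controller as ApiController;
            if (controller == null)
            {
                // Without an ApiController there is nowhere to attach the principal; stop here rather
                // than hit a NullReferenceException or continue unauthenticated.
                throw new InvalidOperationException("The token authorization filter requires an ApiController.");
            }

            controller.User = new ApplicationUser(loginName, userId);

            // The continuation is asynchronous, so it has to be awaited. It stays outside the try block
            // so exceptions thrown by the action are not reported as 401.
            return await continuation();
        }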
예제 #5
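        /// <summary>
        /// Authorization filter entry point. Actions marked <c>[AllowAnonymous]</c> run without a token.
        /// Every other action needs a JWT in the custom <c>token</c> request header, whose <c>username</c>
        /// and <c>userid</c> claims become the controller's <c>ApplicationUser</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        /// <param name="cancellationToken">Cancellation token supplied by the pipeline; not consulted here.</param>
        /// <param name="continuation">Delegate that runs the remaining filters and the action.</param>
        /// <returns>
        /// The continuation's response for anonymous actions or when a usable token is present;
        /// otherwise a 401 Unauthorized response.
        /// </returns>
        /// <exception cref="InvalidOperationException">The target controller is not an <c>ApiController</c>.</exception>
        public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(
            HttpActionContext actionContext,
            CancellationToken cancellationToken,
            Func<Task<HttpResponseMessage>> continuation)
        {
            // Skip the filter when the action carries the AllowAnonymous attribute.
            // NOTE(review): only the action descriptor is inspected, so an [AllowAnonymous] placed on
            // the controller class is not honoured here. Confirm that this is intended.
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0)
            {
                return await continuation();
            }

            // Look up request -> headers -> token.
            IEnumerable<string> headers;
            if (!actionContext.Request.Headers.TryGetValues("token", out headers))
            {
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            string loginName;
            Guid userId;
            try
            {
                // Decode once and read both claims from the same payload instead of decoding per claim.
                // NOTE(review): the identity built below is only as trustworthy as JwtTools.Decode.
                // Confirm that it verifies the signature and expiry rather than just parsing the payload.
                var claims = JwtTools.Decode(headers.First());
                loginName = claims["username"].ToString();
                userId = Guid.Parse(claims["userid"].ToString());
            }
            catch (Exception)
            {
                // Fail closed: a malformed or rejected token, a missing claim or a userid that is not
                // a GUID is an authentication failure and must yield 401 rather than a server error.
                // The catch is deliberately broad because the exception types thrown by JwtTools.Decode
                // are not visible from this method.
                return new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            var controller = actionContext.ControllerContext.Controller as ApiController;
            if (controller == null)
            {
                // Without an ApiController there is nowhere to attach the principal; stop here rather
                // than hit a NullReferenceException or continue unauthenticated.
                throw new InvalidOperationException("The token authorization filter requires an ApiController.");
            }

            controller.User = new ApplicationUser(loginName, userId);

            // Kept outside the try block so exceptions thrown by the action are not reported as 401.
            return await continuation();
        }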