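/// <summary>
/// Authorization filter: calls FailAuthorize on the request unless the caller's role is
/// permitted to invoke the requested action. The "checkAuth" action is exempt because it
/// performs its own check (see CheckAuth).
/// </summary>
/// <param name="context">Filter context for the current request.</param>
public void OnAuthorization(AuthorizationFilterContext context)
{
    // Name of the action the request is calling.
    string accessAction = context.CurrentAction();

    // External verification is implemented at "/api/auth/checkAuth"; every other
    // controller action is verified here. Action names are identifiers, so the
    // comparison is ordinal rather than culture-sensitive.
    if (string.Equals(accessAction, "checkAuth", System.StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // ---- Gather what is needed to decide whether the user may use this action ---- //
    string authHeader = context.HttpContext.GetToken();
    // Account id read from the JWT; null when there is no JWT or it is forged.
    string userAccount = context.HttpContext.CurrentUserId();
    var userRole = _context.GetUserRoles(userAccount);

    // The bearer scheme name is case-insensitive (RFC 6750), so an ordinal ignore-case
    // prefix match is used instead of a culture-sensitive one.
    bool hasBearerToken = authHeader != null
        && authHeader.StartsWith("Bearer", System.StringComparison.OrdinalIgnoreCase);

    // ---- Actual permission check ---- //
    // Every caller must hold a role allowed to run the action. Guest & Anonymous (no
    // authorization header) rely on userRole defaulting to 0, which matches the
    // database Guest role code 0.
    bool allowed = _context.HasAllowedAction(userRole, accessAction);

    // With a bearer token the role must additionally belong to the presented account.
    if (allowed && hasBearerToken)
    {
        allowed = _context.HasUserRole(userRole, userAccount);
    }

    if (!allowed)
    {
        FailAuthorize(context);
    }
}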
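/// <summary>
/// Explicit authorization probe: answers 200 OK when a bearer token is presented, the
/// caller's role may invoke <paramref name="actName"/>, and that role belongs to the
/// presented account; otherwise 401 Unauthorized. Requests without a bearer token are
/// always 401.
/// </summary>
/// <param name="ctrlName">Controller name from the route. Bound but not used by the check.</param>
/// <param name="actName">Action name from the route; checked against the role's allowed actions.</param>
/// <returns>200 OK when authorized, otherwise 401 Unauthorized.</returns>
public IActionResult CheckAuth([FromRoute] string ctrlName, [FromRoute] string actName)
{
    string authHeader = HttpContext.GetToken();
    // Account id read from the JWT; null when there is no JWT or it is forged.
    string userAccount = HttpContext.CurrentUserId();
    var userRole = _context.GetUserRoles(userAccount);

    // The bearer scheme name is case-insensitive (RFC 6750); ordinal ignore-case
    // prefix match rather than a culture-sensitive one.
    bool hasBearerToken = authHeader != null
        && authHeader.StartsWith("Bearer", System.StringComparison.OrdinalIgnoreCase);

    // ---- Actual permission check ---- //
    // NOTE(review): actName is caller-controlled route input; HasAllowedAction is
    // assumed to use it only as a lookup value — confirm.
    if (hasBearerToken
        && _context.HasAllowedAction(userRole, actName)
        && _context.HasUserRole(userRole, userAccount))
    {
        return Ok();
    }

    return Unauthorized();
}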