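        /// <summary>
        /// Authorization filter entry point: checks authentication, role membership and the
        /// schema/action permission declared by the authorization attribute before the request
        /// reaches the action.
        /// </summary>
        /// <param name="actionContext">Action context of the current request (descriptor, request context, principal).</param>
        /// <param name="cancellationToken">Not consulted by this filter; <paramref name="continuation"/> is invoked without it.</param>
        /// <param name="continuation">Runs the rest of the pipeline (including the action) and yields its response.</param>
        /// <returns>
        /// The response from <paramref name="continuation"/>, a 401 response when the credential
        /// principal is not authenticated, or a 403 response (plain-text body) when a role or
        /// schema/action check fails.
        /// </returns>
        /// <exception cref="InvalidOperationException">Thrown when <c>Authorizer</c> is null and the action is not suppressed.</exception>
        public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
        {
            // If the current action opts out of authorization, go straight to the next step.
            if (Utility.IsSuppressed(actionContext.ActionDescriptor, out var attribute))
            {
                return await continuation();
            }

            // Resolved lazily so a suppressed action never needs an authorizer.
            var authorizer = this.Authorizer ?? throw new InvalidOperationException("Missing required authorizer.");

            // NOTE(review): when the principal is null or not a CredentialPrincipal, every check
            // below is skipped and the request continues (fail-open). Confirm that an upstream
            // handler always installs a CredentialPrincipal; otherwise a 401 for that case would
            // make this filter fail-closed.
            if (actionContext.RequestContext.Principal is CredentialPrincipal principal)
            {
                if (!principal.Identity.IsAuthenticated)
                {
                    return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
                }

                // Role check only applies when the attribute declares roles.
                // Assumes IsSuppressed yields a non-null attribute when it returns false — confirm in Utility.
                if (attribute.TryGetRoles(out var roles) && !authorizer.InRoles(principal.Identity.Credential.User, roles))
                {
                    return Forbidden(Resources.ResourceUtility.GetString("Text.Forbidden.NotInRoles", string.Join(",", roles)));
                }

                // Schema/action permission check only applies when the attribute names a schema.
                if (!string.IsNullOrEmpty(attribute.Schema))
                {
                    var action = actionContext.GetSchemaAction(attribute.Schema, attribute.Action, out var schema);

                    // Fall back to the attribute's raw names when the schema/action could not be resolved.
                    var actionName = action != null ? action.Name : attribute.Action;

                    if (!authorizer.Authorize(principal.Identity.Credential.User, attribute.Schema, actionName))
                    {
                        return Forbidden(Resources.ResourceUtility.GetString(
                            "Text.Forbidden.NotAuthorized",
                            schema != null ? schema.Title : attribute.Schema,
                            action != null ? action.Title : attribute.Action));
                    }
                }
            }

            return await continuation();

            // Builds a 403 response whose body is the given message as UTF-8 plain text.
            HttpResponseMessage Forbidden(string message)
            {
                return new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden)
                {
                    Content = new StringContent(message, System.Text.Encoding.UTF8, "text/plain"),
                };
            }
        }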

        #endregion
    }
}