Пример #1
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            if (httpContext.Request.HttpMethod == HttpMethod.Options.Method)
            {
                httpContext.Response.StatusCode = (int)HttpStatusCode.Accepted;
                return(true);
            }

            var result      = false;
            var accessToken = string.Empty;

            // Header中传递Token
            accessToken = httpContext.Request.Headers[AuthorizeHelper.TOKEN_KEY];
            if (!string.IsNullOrWhiteSpace(accessToken) && AuthorizeHelper.IsExistToken(accessToken))
            {
                result = true;
            }

            if (!result && (httpContext.Request.HttpMethod == HttpMethod.Get.Method || method == AuthorizeMethodEnum.Get))
            {
                // 通过地址栏传递
                accessToken = httpContext.Request.QueryString[AuthorizeHelper.TOKEN_KEY];
                if (string.IsNullOrWhiteSpace(accessToken))
                {
                    accessToken = httpContext.Request.Form[AuthorizeHelper.TOKEN_KEY];
                }
                if (!string.IsNullOrWhiteSpace(accessToken) && AuthorizeHelper.IsExistToken(accessToken))
                {
                    result = true;
                }
            }

            if (result)
            {
                result = AuthorizeExtension.Execute(AuthorizeTypeEnum.MVC, AuthorizeHelper.GetToken(accessToken));
            }

            if (!result)
            {
                httpContext.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            }
            return(result);
        }
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (actionContext.Request.Method == HttpMethod.Options)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Accepted);
                return(true);
            }

            var result      = false;
            var accessToken = string.Empty;

            // Header中传递Token
            var ts = actionContext.Request.Headers.Where(c => c.Key.ToLower() == AuthorizeHelper.TOKEN_KEY).FirstOrDefault().Value;

            if (ts != null)
            {
                accessToken = ts.First <string>();
                result      = AuthorizeHelper.IsExistToken(accessToken);
            }

            if (!result && (actionContext.Request.Method == HttpMethod.Get || method == AuthorizeMethodEnum.Get))
            {
                // 通过地址栏传递
                accessToken = actionContext.Request.GetQueryNameValuePairs().Where(x => x.Key == AuthorizeHelper.TOKEN_KEY).FirstOrDefault().Value;
                if (accessToken != null && AuthorizeHelper.IsExistToken(accessToken))
                {
                    result = true;
                }
            }

            if (result)
            {
                result = AuthorizeExtension.Execute(AuthorizeTypeEnum.API, AuthorizeHelper.GetToken(accessToken));
            }

            return(result);
        }