示例#1
0
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var action           = context.ActionDescriptor as ControllerActionDescriptor;
            var isAllowAnonymous = action.ControllerTypeInfo.GetCustomAttribute <AllowAnonymousAttribute>();//获取Action中的特性
            var linkurl          = context.HttpContext.Request.Path.Value.Replace("/api/", "");
            var result           = new AjaxResult(MessageDefinitionType.Unauthorized, Enums.AjaxResultType.Unauthorized);

            if (!action.EndpointMetadata.Any(x => x is AllowAnonymousAttribute))
            {
                if (!_principal.Identity.IsAuthenticated)
                {
                    context.HttpContext.Response.StatusCode = StatusCodes.Status401Unauthorized;
                    context.Result = new JsonResult(result);
                    return;
                }
                else
                {
                    if (!action.EndpointMetadata.Any(x => x is NoAuthorityVerificationAttribute))
                    {
                        if (!await _authority.IsPermission(linkurl.ToLower()))
                        {
                            ////????不包含的时候怎么返回出去?这个请求终止掉
                            ///
                            _logger.LogError($"此{linkurl}地址没有权限");
                            result.Message = MessageDefinitionType.Uncertified;
                            result.Type    = Enums.AjaxResultType.Uncertified;
                            context.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                            context.Result = new JsonResult(result);
                            return;
                        }
                    }
                }
            }
        }
 public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
 {
     IServiceProvider provider = context.HttpContext.RequestServices;
     await _authority.IsPermission("");
 }
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            await _authority.IsPermission("");

            //throw new NotImplementedException();
        }