Updated: 2023-02-15 22:45:54
The best solution for my scenario appears to be to bypass the base OnAuthorization completely. Since I have to authenticate each time, cookies and caching the principal are not of much use. So here is the solution I came up with:
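    public override void OnAuthorization(HttpActionContext actionContext)
    {
        string username;
        string password;

        // Pull the credentials out of the incoming request.
        if (GetUserNameAndPassword(actionContext, out username, out password))
        {
            // Check the credentials against the membership provider on every request.
            if (Membership.ValidateUser(username, password))
            {
                // 403: the credentials are valid but the role check failed.
                if (!isUserAuthorized(username))
                    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
            }
            else
            {
                // 401: the membership provider rejected the credentials.
                actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
            }
        }
        else
        {
            // 400: no user name and password could be read from the request.
            actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.BadRequest);
        }
    }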
I developed my own method for validating the roles, called isUserAuthorized, and I am not using the base OnAuthorization any more since it checks the current Principal to see if it isAuthenticated. IsAuthenticated only allows gets, so I am not sure how else to set it, and I do not seem to need the current Principal. Tested this out and it works fine.
Still interested if anyone has a better solution or can see any issues with this one.
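
The answer calls GetUserNameAndPassword but does not show it. The following is an added example, not code from the original post: one possible body for that helper, assuming the credentials arrive in an HTTP Basic Authorization header encoded as UTF-8. The class name BasicCredentialParser is hypothetical; inside the attribute the method would be a private member.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;
using System.Web.Http.Controllers;

public static class BasicCredentialParser // hypothetical container class
{
    // Assumed implementation of the helper named in the answer.
    // Returns false for anything that is not a well-formed Basic credential,
    // which the answer's OnAuthorization turns into 400 Bad Request.
    public static bool GetUserNameAndPassword(
        HttpActionContext actionContext, out string username, out string password)
    {
        username = null;
        password = null;

        AuthenticationHeaderValue header = actionContext.Request.Headers.Authorization;
        if (header == null
            || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(header.Parameter))
        {
            return false; // header missing, wrong scheme, or empty payload
        }

        string decoded;
        try
        {
            // Assumption: the client encoded "user:password" as UTF-8.
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter));
        }
        catch (FormatException)
        {
            return false; // payload is not valid base64
        }

        // Split on the first colon only: the password may itself contain ':'.
        int separator = decoded.IndexOf(':');
        if (separator <= 0)
        {
            return false; // no colon, or empty user name
        }

        username = decoded.Substring(0, separator);
        password = decoded.Substring(separator + 1);
        return true;
    }
}
```

Because Basic credentials are only base64-encoded and are sent on every request in this design, the endpoint needs to be reachable over TLS only.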