在.Net MVC结构API接口中推断http头信息实现公共的权限验证过滤器演示样例-白红宇

在.Net MVC结构API接口中推断http头信息实现公共的权限验证过滤器演示样例

阅读量：6017 次

发布时间：2019-06-20

本文共 3703 字，大约阅读时间需要 12 分钟。

//control action

public class TestController : ApiController{	[MyAuthFilter]	public string test(string str)	{		return str.Trim();	}}

//过虑器类    public class MyAuthFilter : ActionFilterAttribute    {        const string SecurityKeyName = "MySecurityKey";//http头的name        public object _EBACLS = new object();        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)        {            if (EBPermission == "1")//推断权限            {                if (EBACLS == null)                {                    lock (_EBACLS)                    {                        EBACLS = SetEBACLSData();                    }                }                bool isAuth = false;                bool isPermission = false;                EBSecurityData EBSecurityData = null;//自己定义对象                IEnumerable
     
       lists;                if (actionContext.Request.Headers.TryGetValues(SecurityKeyName, out lists))                {                    string securityKey = lists.FirstOrDefault();                    LogUtility.WriteLog(SecurityKeyName + securityKey);//写日志文件                    try                    {                        EBSecurityData = EBSecurityUtility.GetSecurityData(securityKey);//解密得到的加密串                        LogUtility.WriteLog("EBSecurityData：" + (EBSecurityData != null ? EBSecurityData.ObjectToJson() : ""));                    }                    catch (Exception)                    { }                    if (EBSecurityData != null && EBSecurityData.Expire > DateTime.Now && EBSecurityData.ProviderId > 0)                    {                        GenericIdentity identity = new GenericIdentity(EBSecurityData.ProviderId.ToString(), "Forms");                        GenericPrincipal principal = new GenericPrincipal(identity, new string[] { });                        HttpContext.Current.User = principal;                        isAuth = true;                        string actionName = actionContext.ActionDescriptor.ActionName.ToLower();                        string actionNo;                        EBACLS.TryGetValue(actionName, out actionNo);                        if (!string.IsNullOrWhiteSpace(EBSecurityData.Acl) && !string.IsNullOrWhiteSpace(actionNo))                        {                            string acl = string.Format(",{0},", EBSecurityData.Acl);                            isPermission = acl.Contains("," + actionNo + ",");                        }                    }                }                if (!isAuth)                {                    throw new BusinessException("登录验证失败", 401);                }                else if (!isPermission)                {                    throw new BusinessException("未授权", 403);                }            }        }        public static Dictionary
      
        EBACLS { get; set; }        Dictionary
       
         SetEBACLSData()        {            Dictionary
        
          dic = new Dictionary
         
          ();            dic.Add("getorderitemoperaterecords", "01");            dic.Add("getorderitemchangedetail", "02");            return dic;        }    }

http头请求演示样例：

User-Agent: Fiddler

Host: localhost

Content-Length: 478

Content-Type: text/json

MySecurityKey: roxnQNJLa0voulfXMcGugvhKJT1njtDV1Hmu67MbGPIU0UlEVmKXjXkPJ5d7dn1HdD%2BPDM%2Fsa9IJn36NksxQE1MdQ8Mqt1JqhvTTvQfG3zhrSFYgMQVAe3AuYcEN%2F9873lIjXXyuK%2FUQ75vJ3kH3bYIZykRmSvR4fPMbxNVWhVHuhO%2BdVJJQDpLS2Pihy1KbjffkcMNYBZJWdPu%2FLzYCIesaLh%2FDC85IOUi9OOdWzaPMjbvPXoBN7ahN%2Fj%2BkmWNJiYBxPPVO3IU%3D

拿到了 MySecurityKey 的值，想怎么处理就怎么处理。我这里仅仅是一样演示样例，有效添加api安全系数。

假设哪个方法非常重要。要使用权限，仅仅要在上面加[ MyAuthFilter] 标签，就能实现权限验证，当然，假设不同的方法。也能够使用不同的过虑器~自己能够随便定义。

转载地址：http://vsyqx.baihongyu.com/

你可能感兴趣的文章