前言
本文介绍如何在 .NET Core WebApi 项目中通过自定义拦截器(过滤器)实现授权处理。
代码展示
/// <summary>
/// Custom authorization attribute. Put it on an action to have the request's
/// <c>Authorization</c> header checked by the nested <c>AuthorizeFilter</c>;
/// construct it with <c>true</c> to opt that action out of the check.
/// </summary>
public class AuthorizeRequestAttribute : TypeFilterAttribute
{
    /// <summary>
    /// Creates the attribute and forwards the flag to the nested filter's constructor
    /// through <c>Arguments</c>.
    /// </summary>
    /// <param name="ignore">Whether the check is skipped. Defaults to <c>false</c>.</param>
    public AuthorizeRequestAttribute(bool ignore = false) : base(typeof(AuthorizeFilter))
    {
        IgnoreFilter = ignore;
        Arguments = new object[] { ignore };
    }

    /// <summary>
    /// Gets whether this attribute asks for the authorization check to be skipped.
    /// </summary>
    public bool IgnoreFilter { get; }

    /// <summary>
    /// Filter that validates the token carried in the <c>Authorization</c> header and
    /// short-circuits the request with a JSON error body when validation fails.
    /// </summary>
    private class AuthorizeFilter : IAuthorizationFilter
    {
        // Flag received from the attribute that created this filter instance.
        private readonly bool _ignoreFilter;

        public AuthorizeFilter(bool ignoreFilter)
        {
            _ignoreFilter = ignoreFilter;
        }

        /// <summary>
        /// Runs the token check for the current request unless the check is opted out.
        /// </summary>
        /// <param name="filterContext">Authorization context of the current request.</param>
        /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
        public void OnAuthorization(AuthorizationFilterContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException(nameof(filterContext));
            }

            // An attribute declared at action scope overrides the flag of this instance.
            var actionLevel = filterContext.ActionDescriptor.FilterDescriptors
                .Where(descriptor => descriptor.Scope == FilterScope.Action)
                .Select(descriptor => descriptor.Filter)
                .OfType<AuthorizeRequestAttribute>()
                .FirstOrDefault();

            bool skipCheck = actionLevel != null ? actionLevel.IgnoreFilter : _ignoreFilter;
            if (skipCheck)
            {
                // NOTE(review): the request continues unauthenticated and UserContext is not
                // touched on this path; any identity read later is whatever was set before.
                return;
            }

            // Enforce only when a filter of this type is part of the executing filter list.
            if (!filterContext.Filters.Any(candidate => candidate is AuthorizeFilter))
            {
                return;
            }

            var authHeader = filterContext.HttpContext.Request.Headers["Authorization"];
            if (string.IsNullOrWhiteSpace(authHeader))
            {
                // The attribute demands a token and none was sent.
                Reject(filterContext, "非法请求");
                return;
            }

            // The header value is handed over unchanged.
            // NOTE(review): whether JWTHelper.CheckToken strips a scheme prefix such as
            // "Bearer " and verifies signature and expiry is not visible here; confirm.
            var info = JWTHelper.CheckToken(authHeader.ToString(), out int remainTime);
            if (info == null)
            {
                Reject(filterContext, "非法请求,AccessToken异常");
                return;
            }

            // NOTE(review): UserContext is written through type-level members. If they are
            // backed by static fields rather than per-request storage, concurrent requests
            // would overwrite each other's identity; confirm it is request-scoped.
            UserContext.AccountId = info.accountId;
            UserContext.UserName = info.accountId;
            // NOTE(review): stores the current timestamp as the display name; looks like a placeholder.
            UserContext.UserTrueName = DateTime.Now.ToString();
            UserContext.Token = authHeader;
        }

        /// <summary>
        /// Short-circuits the request with an <c>ApiResult</c> whose <c>code</c> is 0.
        /// </summary>
        /// <remarks>
        /// The response keeps HTTP 200 and reports the failure only in the JSON body.
        /// NOTE(review): status-based logging, gateways and alerting will record these
        /// rejections as successes; consider 401 if the API's clients allow it.
        /// </remarks>
        private static void Reject(AuthorizationFilterContext filterContext, string message)
        {
            ApiResult apiResult = new ApiResult() { code = 0, msg = message };
            filterContext.HttpContext.Response.ContentType = "application/json";
            filterContext.HttpContext.Response.StatusCode = (int)HttpStatusCode.OK;
            filterContext.Result = new JsonResult(apiResult);
        }
    }
}
注意事项
需要在 Startup.cs 中补充以下注册代码:
// Register the authorization filter globally so it is part of every MVC action's pipeline.
// It is added without arguments, so presumably the constructor default (ignore = false)
// applies and an action is checked unless it carries [AuthorizeRequestAttribute(true)].
services.AddMvc(mvcOptions => mvcOptions.Filters.Add<AuthorizeRequestAttribute>());
如何使用
/// <summary>
/// Withdraw-approval endpoint.
/// </summary>
/// <param name="req">Request envelope carrying the withdraw-form payload.</param>
/// <returns>Result envelope; this sample only fills in <c>msg</c>.</returns>
[HttpPost]
[AuthorizeRequestAttribute] // not ignored: the Authorization header is checked before the action runs
public async Task<WebApiResult<WithdrawFormRsp>> WithdrawForm([FromBody] WebApiRequest<WithdrawFormReq> req)
{
    return new WebApiResult<WithdrawFormRsp> { msg = "处理结果信息" };
}
/// <summary>
/// Edit-record endpoint.
/// </summary>
/// <param name="req">Request envelope carrying the payload.</param>
/// <returns>Result envelope; this sample only fills in <c>msg</c>.</returns>
[HttpPost]
// Ignored: the token check is skipped, so this action runs for callers without a valid
// token and the filter does not populate UserContext for it. Opt out only for endpoints
// that are meant to be anonymous.
[AuthorizeRequestAttribute(true)]
public async Task<WebApiResult<List<EditRecordRsp>>> EditRecord([FromBody] WebApiRequest<WithdrawFormReq> req)
{
    return new WebApiResult<List<EditRecordRsp>> { msg = "处理结果信息" };
}