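该过滤器从请求头中读取 “UserName” 的值作为用户名称。如果请求头中没有该值,或者其值不是 “admin”,则返回状态码为 Unauthorized 的 HttpResponseMessage 对象,表示拒绝访问。需要注意的是,请求头完全由调用方填写,服务端并没有对它做任何校验,因此这个示例只演示授权过滤器的写法,不能当作真正的身份验证;实际项目中应基于服务端验证过的凭据(例如已认证的用户主体或经过签名校验的令牌)来判断权限。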
先添加一个类
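/// <summary>
/// Web API authorization filter that lets a request continue only when its
/// "UserName" request header is exactly "admin"; every other request is
/// answered with 401 Unauthorized.
/// </summary>
/// <remarks>
/// SECURITY: the "UserName" header is filled in by the caller and is not checked
/// against any credential, so this comparison does not establish who is calling.
/// Treat the class as a demonstration of the filter pipeline only. A real
/// deployment should take the identity from something the server has validated
/// (for example an authenticated principal, or a signed token whose signature
/// and expiry are verified) and authorize against that instead.
/// </remarks>
public class MyAutorFilter : IAuthorizationFilter
{
    // Name of the request header the filter inspects.
    private const string UserNameHeader = "UserName";

    // The only header value that is allowed through.
    private const string AllowedUserName = "admin";

    public MyAutorFilter()
    {
    }

    /// <summary>Always <c>true</c>: the filter may be applied more than once.</summary>
    public bool AllowMultiple => true;

    /// <summary>
    /// Runs the header check and either invokes the rest of the pipeline or
    /// short-circuits with 401 Unauthorized.
    /// </summary>
    /// <param name="actionContext">Context whose request headers are inspected.</param>
    /// <param name="cancellationToken">Not used by this filter.</param>
    /// <param name="continuation">Delegate that runs the remaining pipeline and yields its response.</param>
    /// <returns>
    /// The response produced by <paramref name="continuation"/> when the header
    /// equals "admin"; otherwise a new 401 Unauthorized response.
    /// </returns>
    public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
    {
        IEnumerable<string> userNames;
        if (!actionContext.Request.Headers.TryGetValues(UserNameHeader, out userNames))
        {
            return Unauthorized();
        }

        // FirstOrDefault instead of First: if the header is present but yields no
        // value, the request is rejected with 401 rather than failing with an
        // InvalidOperationException. When several values are sent, only the first
        // one is compared, as before.
        string userName = userNames.FirstOrDefault();

        // Ordinal comparison: exact, case-sensitive match, same result as "==".
        if (!string.Equals(userName, AllowedUserName, StringComparison.Ordinal))
        {
            return Unauthorized();
        }

        return await continuation();
    }

    // Single place that builds the rejection response, so both failure paths stay identical.
    private static HttpResponseMessage Unauthorized()
    {
        return new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
    }
}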
然后在 App_Start 下对应的配置类(例如 WebApiConfig 的 Register 方法)中注册该过滤器:
// Adds one MyAutorFilter instance to config.Filters.
// NOTE(review): presumably `config` is the HttpConfiguration handed to the
// App_Start registration method, which would make this a global filter that
// runs for every Web API action. Confirm against the surrounding class.
config.Filters.Add(new MyAutorFilter());