我正在尝试扩展他的默认Web Api授权属性,以允许经过身份验证的用户访问一组操作,即使它们未在应用程序中注册(例如,他们没有角色)。
public class AuthorizeVerifiedUsersAttribute : AuthorizeAttribute
{
/// <summary>
/// Gets or sets the authorized roles.
/// </summary>
public new string Roles { get { return base.Roles; } set { base.Roles = value; } }
/// <summary>
/// Gets or sets the authorized users.
/// </summary>
public new string Users { get { return base.Users; } set { base.Users = value; } }
private bool _bypassValidation;
/// <summary>
/// Gets of sets a controller or an action as an authorization exception
/// </summary>
public virtual bool BypassValidation
{
get
{
Debug.WriteLine("get:" + TypeId.GetHashCode() + " " + _bypassValidation);
return _bypassValidation;
}
set
{
Debug.WriteLine("set:" + TypeId.GetHashCode() + " " + value);
_bypassValidation = value;
}
}
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
if (BypassValidation)
{
return true;
}
else
{
//return false if user is unverified
}
}
return base.IsAuthorized(actionContext);
}
}
它被这样使用:
[AuthorizeVerifiedUsers]
public class UserProfileController : ApiController
{
[AuthorizeVerifiedUsers(BypassValidation = true)]
public bool Verify(string verificationCode)
{}
}
到目前为止,这个动作是唯一使用BypassValidation = true的动作。
出现此问题的原因是,即使“调试”窗口(在BypassValidation属性中使用)显示以下内容,操作的BypassValidation属性为false:
设置:26833123正确 设置:39602703是的 得到:43424763错 得到:43424763错 get:43424763错误//调用应该有“True”...
我注意到两件事:
- TypeId(属性的唯一标识符)在具有BypassValidation = true的调用和具有BypassValidation = false的调用之间是不同的。
- id'43424763'没有相应的集合
有任何想法吗?
提前致谢, 若昂