Checking HTTP header information in a .NET MVC Web API interface: a shared permission-validation filter example

Source: Internet
Author: User

Controller action

    public class TestController : ApiController
    {
        [MyAuthFilter]
        public string Test(string str)
        {
            return str.Trim();
        }
    }


Filter class

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Http.Filters;

    // EBPermission, EBSecurityData, EBSecurityUtility, LogUtility and BusinessException
    // are the project's own members and types; their definitions are not shown on this page.
    public class MyAuthFilter : ActionFilterAttribute
    {
        const string SecurityKeyName = "MySecurityKey"; // the name of the HTTP header

        // Static so that every filter instance shares the same lock object.
        private static readonly object _ebAcls = new object();

        public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            if (EBPermission == "1") // permission checking is enabled
            {
                if (EBAcls == null)
                {
                    lock (_ebAcls)
                    {
                        if (EBAcls == null) // re-check inside the lock
                        {
                            EBAcls = SetEBAclsData();
                        }
                    }
                }

                bool isAuth = false;
                bool isPermission = false;
                EBSecurityData ebSecurityData = null; // custom object
                IEnumerable<string> lists;

                if (actionContext.Request.Headers.TryGetValues(SecurityKeyName, out lists))
                {
                    string securityKey = lists.FirstOrDefault();
                    // Write to the log file. This records the raw header value, so restrict access to the log.
                    LogUtility.WriteLog(SecurityKeyName + securityKey);
                    try
                    {
                        // Decrypt the encrypted string taken from the header.
                        ebSecurityData = EBSecurityUtility.GetSecurityData(securityKey);
                        LogUtility.WriteLog("EBSecurityData:" + (ebSecurityData != null ? ebSecurityData.ObjectToJson() : ""));
                    }
                    catch (Exception)
                    {
                        // Decryption failed: ebSecurityData stays null and the request is rejected with 401 below.
                    }

                    if (ebSecurityData != null && ebSecurityData.Expire > DateTime.Now && ebSecurityData.ProviderId > 0)
                    {
                        GenericIdentity identity = new GenericIdentity(ebSecurityData.ProviderId.ToString(), "Forms");
                        GenericPrincipal principal = new GenericPrincipal(identity, new string[] { });
                        HttpContext.Current.User = principal;
                        isAuth = true;

                        string actionName = actionContext.ActionDescriptor.ActionName.ToLower();
                        string actionNo;
                        EBAcls.TryGetValue(actionName, out actionNo);

                        if (!string.IsNullOrWhiteSpace(ebSecurityData.Acl) && !string.IsNullOrWhiteSpace(actionNo))
                        {
                            // Wrap the list in commas so that only whole entries match.
                            string acl = string.Format(",{0},", ebSecurityData.Acl);
                            isPermission = acl.Contains("," + actionNo + ",");
                        }
                    }
                }

                if (!isAuth)
                {
                    throw new BusinessException("Login verification Failed", 401);
                }
                else if (!isPermission)
                {
                    throw new BusinessException("Unauthorized", 403);
                }
            }
        }

        public static Dictionary<string, string> EBAcls { get; set; }

        Dictionary<string, string> SetEBAclsData()
        {
            // Case-insensitive keys, because the action name is lower-cased before the lookup.
            Dictionary<string, string> dic = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            dic.Add("GetOrderItemOperateRecords", "01");
            dic.Add("GetOrderItemChangeDetail", "02");
            return dic;
        }
    }


HTTP Header Request Example:

    User-Agent: Fiddler
    Host: localhost
    Content-Length: 478
    Content-Type: text/json
    MySecurityKey: roxnqnjla0voulfxmcgugvhkjt1njtdv1hmu67mbgpiu0ulevmkxjxkpj5d7dn1hdd%2bpdm%2fsa9ijn36nksxqe1mdq8mqt1jqhvttvqfg3zhrsfygmqvae3auycen%2f9873lijxxyuk%2fuq75vj3kh3byizykrmsvr4fpmbxnvwhvhuho%2bdvjjqdpls2pihy1kbjffkcmnybzjwdpu%2flzyciesalh%2fdc85ioui9oodwzapmjbvpxobn7ahn%2fj%2bkmwnjiybxppvo3iu%3d


Once you have the value of MySecurityKey, process it however you need to; this is just one example. Done this way, it effectively raises the security of the API.

If a method is important and needs permission checks, just add the [MyAuthFilter] attribute to it to get authorization validation. Different methods can of course use different filters, which you can define however you like.
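The filter trusts whatever `GetSecurityData` returns, so the header value must be impossible to forge. The sketch below is an added example, not code from the original page: it issues and verifies a token carrying the same three fields the filter reads, using an HMAC-SHA256 signature in place of the page's decryption routine, which is not shown. The names `SecurityData`, `TokenUtility` and `Issue`, the token layout and the key are assumptions; the fields are signed, not encrypted, so the client can read them but cannot change them.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical stand-in for the page's EBSecurityData, whose definition is not shown.
public class SecurityData { public int ProviderId; public DateTime Expire; public string Acl; }

public static class TokenUtility // hypothetical name
{
    // Constructed demo key; in practice load a random 32-byte key from protected configuration.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Assumed token layout: "providerId|expireTicksUtc|acl" + "." + Base64(HMAC-SHA256(payload)).
    public static string Issue(int providerId, DateTime expireUtc, string acl)
    {
        string payload = providerId + "|" + expireUtc.Ticks + "|" + acl;
        return payload + "." + Sign(payload);
    }

    // Returns null for a malformed, tampered or expired token, so the filter fails closed (401).
    public static SecurityData GetSecurityData(string token)
    {
        int dot = token == null ? -1 : token.LastIndexOf('.');
        if (dot < 0) return null;
        string payload = token.Substring(0, dot);
        if (!FixedTimeEquals(token.Substring(dot + 1), Sign(payload))) return null;
        string[] f = payload.Split('|');
        int id; long ticks;
        if (f.Length != 3 || !int.TryParse(f[0], out id) || !long.TryParse(f[1], out ticks)) return null;
        var data = new SecurityData { ProviderId = id, Expire = new DateTime(ticks, DateTimeKind.Utc), Acl = f[2] };
        return data.Expire > DateTime.UtcNow ? data : null; // expiry is compared in UTC
    }

    // Compare the two MAC strings without exiting at the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

A token from `Issue(7, DateTime.UtcNow.AddMinutes(30), "01,02")` verifies as issued; changing any character of the ACL or the expiry makes `GetSecurityData` return null.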
