How do I get request cookies in a Web API authorization attribute?

There are two AuthorizeAttribute classes in .NET. One is defined in the System.Web.Http namespace:

    namespace System.Web.Http
    {
        // Summary:
        //     Specifies the authorization filter that verifies the request's System.Security.Principal.IPrincipal.
        [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
        public class AuthorizeAttribute : AuthorizationFilterAttribute
        {
            // Summary:
            //     Initializes a new instance of the System.Web.Http.AuthorizeAttribute class.
            public AuthorizeAttribute();

            // Summary:
            //     Gets or sets the authorized roles.
            //
            // Returns:
            //     The roles string.
            public string Roles { get; set; }
            //
            // Summary:
            //     Gets a unique identifier for this attribute.
            //
            // Returns:
            //     A unique identifier for this attribute.
            public override object TypeId { get; }
            //
            // Summary:
            //     Gets or sets the authorized users.
            //
            // Returns:
            //     The users string.
            public string Users { get; set; }

            // Summary:
            //     Processes requests that fail authorization.
            //
            // Parameters:
            //   actionContext:
            //     The context.
            protected virtual void HandleUnauthorizedRequest(HttpActionContext actionContext);
            //
            // Summary:
            //     Indicates whether the specified control is authorized.
            //
            // Parameters:
            //   actionContext:
            //     The context.
            //
            // Returns:
            //     true if the control is authorized; otherwise, false.
            protected virtual bool IsAuthorized(HttpActionContext actionContext);
            //
            // Summary:
            //     Calls when an action is being authorized.
            //
            // Parameters:
            //   actionContext:
            //     The context.
            //
            // Exceptions:
            //   System.ArgumentNullException:
            //     The context parameter is null.
            public override void OnAuthorization(HttpActionContext actionContext);
        }
    }

The other is defined in the System.Web.Mvc namespace:

    namespace System.Web.Mvc
    {
        // Summary:
        //     Specifies that access to a controller or action method is restricted to users
        //     who meet the authorization requirement.
        [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
        public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter
        {
            // Summary:
            //     Initializes a new instance of the System.Web.Mvc.AuthorizeAttribute class.
            public AuthorizeAttribute();

            // Summary:
            //     Gets or sets the user roles that are authorized to access the controller
            //     or action method.
            //
            // Returns:
            //     The user roles that are authorized to access the controller or action method.
            public string Roles { get; set; }
            //
            // Summary:
            //     Gets the unique identifier for this attribute.
            //
            // Returns:
            //     The unique identifier for this attribute.
            public override object TypeId { get; }
            //
            // Summary:
            //     Gets or sets the users that are authorized to access the controller or action
            //     method.
            //
            // Returns:
            //     The users that are authorized to access the controller or action method.
            public string Users { get; set; }

            // Summary:
            //     When overridden, provides an entry point for custom authorization checks.
            //
            // Parameters:
            //   httpContext:
            //     The HTTP context, which encapsulates all HTTP-specific information about
            //     an individual HTTP request.
            //
            // Returns:
            //     true if the user is authorized; otherwise, false.
            //
            // Exceptions:
            //   System.ArgumentNullException:
            //     The httpContext parameter is null.
            protected virtual bool AuthorizeCore(HttpContextBase httpContext);
            //
            // Summary:
            //     Processes HTTP requests that fail authorization.
            //
            // Parameters:
            //   filterContext:
            //     Encapsulates the information for using System.Web.Mvc.AuthorizeAttribute.
            //     The filterContext object contains the controller, HTTP context, request context,
            //     action result, and route data.
            protected virtual void HandleUnauthorizedRequest(AuthorizationContext filterContext);
            //
            // Summary:
            //     Called when a process requests authorization.
            //
            // Parameters:
            //   filterContext:
            //     The filter context, which encapsulates information for using System.Web.Mvc.AuthorizeAttribute.
            //
            // Exceptions:
            //   System.ArgumentNullException:
            //     The filterContext parameter is null.
            public virtual void OnAuthorization(AuthorizationContext filterContext);
            //
            // Summary:
            //     Called when the caching module requests authorization.
            //
            // Parameters:
            //   httpContext:
            //     The HTTP context, which encapsulates all HTTP-specific information about
            //     an individual HTTP request.
            //
            // Returns:
            //     A reference to the validation status.
            //
            // Exceptions:
            //   System.ArgumentNullException:
            //     The httpContext parameter is null.
            protected virtual HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext);
        }
    }

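The main differences between the two are:

  • The System.Web.Http version can be used by Web API
  • The System.Web.Mvc version can be used by ASP.NET MVC
  • The Http version uses the HttpActionContext parameter type in the OnAuthorization method, while the Mvc version uses the AuthorizationContext type.

I want to access the request cookies in the Http version of AuthorizeAttribute. In the Mvc version, it is implemented as follows: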

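    using System.Web;
    using System.Web.Mvc;

    public class Foo : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            // MVC exposes the classic HttpContext, so the cookie collection is directly available.
            HttpCookie cookie = filterContext.HttpContext.Request.Cookies.Get("Bar");
        }
    }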

Does anyone know how I can do the same with HttpActionContext? Is it possible? If it is not possible, why is that?

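    using System.Linq;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;

    public class Foo : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // GetCookies is an extension method on HttpRequestHeaders (namespace System.Net.Http).
            var cookie = actionContext.Request.Headers.GetCookies("Bar").FirstOrDefault();
        }
    }

    string sessionId = "";
    CookieHeaderValue cookie = Request.Headers.GetCookies("bar").FirstOrDefault();
    if (cookie != null)
    {
        sessionId = cookie["bar"].Value;
    }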

GetCookies returns a collection of cookies, and then you need to get the desired cookie from it.

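    using System.Linq;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;

    public class Foo : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var cookies = actionContext.Request.Headers.GetCookies("Bar").FirstOrDefault();
            // FirstOrDefault() returns null when the request carries no "Bar" cookie.
            var cookie = cookies != null ? cookies["Bar"] : null;
        }
    }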
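
Putting the answers above together, as an added example that is not code from any of the posts: a Web API attribute that reads the "Bar" cookie inside `IsAuthorized`, so the base `OnAuthorization` still handles `[AllowAnonymous]` and the 401 response, and a missing cookie denies the request instead of throwing. The class name `BarCookieAuthorizeAttribute` and the `SessionValidator` hook are hypothetical.

```csharp
using System;
using System.Linq;
using System.Net.Http;          // GetCookies() extension method
using System.Net.Http.Headers;  // CookieHeaderValue, CookieState
using System.Web.Http;
using System.Web.Http.Controllers;

// Added example; the class name and SessionValidator hook are hypothetical.
public class BarCookieAuthorizeAttribute : AuthorizeAttribute
{
    private const string CookieName = "Bar";

    // Hypothetical hook: the application plugs in its server-side session lookup.
    // Defaults to rejecting everything, so a missing registration fails closed.
    public static Func<string, bool> SessionValidator = value => false;

    // Overriding IsAuthorized (not OnAuthorization) keeps the base pipeline:
    // base.OnAuthorization still honours [AllowAnonymous] and calls
    // HandleUnauthorizedRequest (401) when this method returns false.
    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        // Keep the built-in principal / Users / Roles checks.
        if (!base.IsAuthorized(actionContext))
            return false;

        string value = ReadCookie(actionContext.Request, CookieName);

        // The cookie is client-supplied input: absence means "deny", and a
        // present value is only trusted after the server-side check.
        return value != null && SessionValidator(value);
    }

    // Returns the cookie value, or null when no Cookie header carries it.
    internal static string ReadCookie(HttpRequestMessage request, string name)
    {
        // GetCookies(name) yields one CookieHeaderValue per matching Cookie
        // header; FirstOrDefault() is null when the cookie was not sent.
        CookieHeaderValue header = request.Headers.GetCookies(name).FirstOrDefault();
        if (header == null)
            return null;

        CookieState state = header[name];
        return string.IsNullOrEmpty(state.Value) ? null : state.Value;
    }
}
```

An `OnAuthorization` override that only reads the cookie and never calls the base method performs no authorization check at all, which is why the check lives in `IsAuthorized` here.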