.net webapi切面验证用户权限
一、创建实体类、实体类工厂
ReturnMsg.cs
/// <summary>
/// Envelope returned by every API action: a status code, a human-readable
/// description and the typed payload.
/// </summary>
/// <typeparam name="T">Type of the payload carried in <see cref="Value"/>.</typeparam>
[Serializable]
[DataContract]
public class ReturnMsg<T>
{
    /// <summary>
    /// Outcome of the call: 1 = success, 0 = failure.
    /// </summary>
    [DataMember]
    public int Code { get; set; }

    /// <summary>
    /// Error description (the factory sets it to an empty string on success
    /// when no text is supplied).
    /// </summary>
    [DataMember]
    public string Description { get; set; }

    /// <summary>
    /// Payload returned to the caller.
    /// </summary>
    [DataMember]
    public T Value { get; set; }
}
ReturnMsgFac.cs
/// <summary>
/// Factory for the <c>ReturnMsg&lt;T&gt;</c> envelopes returned by API actions.
/// </summary>
public class ReturnMsgFac
{
    /// <summary>
    /// Builds a success envelope (Code = 1) with an empty description.
    /// </summary>
    /// <typeparam name="T">Payload type.</typeparam>
    /// <param name="t">Payload to return.</param>
    /// <returns>Envelope with Code = 1, Description = string.Empty, Value = t.</returns>
    public static ReturnMsg<T> GetSuccessReturnMsg<T>(T t)
    {
        return GetSuccessReturnMsg<T>(t, string.Empty);
    }

    /// <summary>
    /// Builds a success envelope (Code = 1) with a caller-supplied description.
    /// </summary>
    /// <typeparam name="T">Payload type.</typeparam>
    /// <param name="t">Payload to return.</param>
    /// <param name="des">Description text stored as-is.</param>
    /// <returns>Envelope with Code = 1, Description = des, Value = t.</returns>
    public static ReturnMsg<T> GetSuccessReturnMsg<T>(T t, string des)
    {
        ReturnMsg<T> msg = new ReturnMsg<T>();
        msg.Code = 1;
        msg.Description = des;
        msg.Value = t;
        return msg;
    }

    /// <summary>
    /// Builds a failure envelope (Code = 0) carrying no payload.
    /// </summary>
    /// <typeparam name="T">Payload type the caller expects; Value is default(T).</typeparam>
    /// <param name="des">
    /// Error description stored as-is. The envelope is serialized into the HTTP
    /// response elsewhere on this page, so keep internal details (stack traces,
    /// query text) out of it.
    /// </param>
    /// <returns>Envelope with Code = 0, Description = des, Value = default(T).</returns>
    public static ReturnMsg<T> GetErrorReturnMsg<T>(string des)
    {
        ReturnMsg<T> msg = new ReturnMsg<T>();
        msg.Code = 0;
        msg.Description = des;
        msg.Value = default(T);
        return msg;
    }
}
二、创建切面类
引用圈起来的4个类库,框架没有的就从nuget里面找。

APIInitAttribute.cs
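/// <summary>
/// Action filter that runs a permission check before a Web API action and
/// captures timing information around it.
/// </summary>
/// <remarks>
/// Web API may reuse one filter attribute instance for concurrent requests, so
/// per-request values (the timestamps) are kept in the request's Properties bag
/// instead of instance fields, where requests would overwrite each other.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
public class APIInitAttribute : ActionFilterAttribute
{
    // Keys under which the per-request timestamps are stored in Request.Properties.
    private const string FilterStartKey = "APIInit.FilterStartTime";
    private const string ActionStartKey = "APIInit.ActionStartTime";

    /// <summary>
    /// Identifier of the API method this attribute protects.
    /// </summary>
    public int MethodId { get; set; }

    public APIInitAttribute()
    {
    }

    public APIInitAttribute(int methodId)
    {
        MethodId = methodId;
    }

    /// <summary>
    /// Collects the caller's data, runs the permission check and short-circuits
    /// the request with an error envelope when the check does not pass.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        // Time at which the filter started.
        actionContext.Request.Properties[FilterStartKey] = DateTime.Now;

        // 1. Collect the caller's data.
        // NOTE(review): token and userID arrive in the URL path, so they are
        // written to access logs and intermediaries; an Authorization header
        // keeps the credential out of the URL.
        string method = actionContext.Request.Method.Method;
        string token = GetRouteValue(actionContext, "token");
        string userID = GetRouteValue(actionContext, "userID");
        string formDataValue = GetFormDataValue(actionContext.Request);

        // A route without token/userID is rejected instead of raising a
        // NullReferenceException (which would surface as HTTP 500).
        if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(userID))
        {
            Deny(actionContext, System.Net.HttpStatusCode.Unauthorized);
            return;
        }

        // 2. Permission check.
        if (!IsAuthorized(userID, token, method, formDataValue))
        {
            // Stop here: the action itself must not run.
            Deny(actionContext, System.Net.HttpStatusCode.Forbidden);
            return;
        }

        // Time at which the action itself starts.
        actionContext.Request.Properties[ActionStartKey] = DateTime.Now;
    }

    /// <summary>
    /// Runs after the action; captures the end time for logging.
    /// </summary>
    /// <param name="actionExecutedContext">Context of the action that ran.</param>
    public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
    {
        DateTime endTime = DateTime.Now;

        object filterStart;
        object actionStart;
        actionExecutedContext.Request.Properties.TryGetValue(FilterStartKey, out filterStart);
        actionExecutedContext.Request.Properties.TryGetValue(ActionStartKey, out actionStart);

        //TO DO...
        // Record filterStart, actionStart and endTime.
    }

    /// <summary>
    /// Business permission check for the current caller.
    /// </summary>
    /// <returns>
    /// Always false until the check is implemented, so that a deployment that
    /// forgets to fill this in rejects requests instead of admitting everyone.
    /// </returns>
    private bool IsAuthorized(string userID, string token, string method, string formDataValue)
    {
        //TO DO...
        // Validate the token for userID on the server side and verify that the
        // user may call the method identified by MethodId.
        return false;
    }

    /// <summary>
    /// Reads a route parameter as a string, or null when it is absent.
    /// </summary>
    private static string GetRouteValue(HttpActionContext actionContext, string key)
    {
        if (actionContext.RequestContext == null || actionContext.RequestContext.RouteData == null)
        {
            return null;
        }

        object value;
        if (actionContext.RequestContext.RouteData.Values.TryGetValue(key, out value) && value != null)
        {
            return value.ToString();
        }

        return null;
    }

    /// <summary>
    /// Returns the "FormDataKey" form field of a multipart/form-data request,
    /// or null when the request is not multipart or has no classic HttpContext.
    /// </summary>
    private static string GetFormDataValue(HttpRequestMessage request)
    {
        if (request.Content == null || request.Content.Headers.ContentType == null)
        {
            return null;
        }

        // Media types are case-insensitive.
        if (!string.Equals(request.Content.Headers.ContentType.MediaType, "multipart/form-data", StringComparison.OrdinalIgnoreCase))
        {
            return null;
        }

        // "MS_HttpContext" is only looked up, not indexed, so a host that does
        // not supply it yields null instead of a KeyNotFoundException.
        object raw;
        if (!request.Properties.TryGetValue("MS_HttpContext", out raw))
        {
            return null;
        }

        HttpContextBase context = raw as HttpContextBase;
        if (context == null)
        {
            return null;
        }

        return context.Request.Form["FormDataKey"];
    }

    /// <summary>
    /// Short-circuits the request with the error envelope and a non-200 status,
    /// so clients and monitoring that look only at the status line see the denial.
    /// </summary>
    private static void Deny(HttpActionContext actionContext, System.Net.HttpStatusCode statusCode)
    {
        ReturnMsg<object> rs = ReturnMsgFac.GetErrorReturnMsg<object>("权限未通过");
        actionContext.Response = new HttpResponseMessage(statusCode)
        {
            Content = new StringContent(JsonConvert.SerializeObject(rs), Encoding.UTF8, "application/json")
        };
    }
}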
三、切面类的使用
DefaultController.cs
/// <summary>
/// Sample controller showing how the APIInit filter is attached to an action.
/// </summary>
[RoutePrefix("Default")]
public class DefaultController : ApiController
{
    /// <summary>
    /// Returns the constant 1 wrapped in a success envelope.
    /// </summary>
    /// <remarks>
    /// userID and token are route parameters; they are not bound to the action
    /// but read by the APIInit filter from the route data.
    /// NOTE(review): a token in the URL path is recorded wherever URLs are
    /// logged; consider carrying it in a request header instead.
    /// </remarks>
    [HttpPost]
    [Route("GetNum/{userID}/{token}")]
    [APIInit(1)] // apply the filter; 1 is the method id
    public ReturnMsg<int> GetNum()
    {
        ReturnMsg<int> result = ReturnMsgFac.GetSuccessReturnMsg<int>(1);
        return result;
    }
}
