c# - Custom authorizations in Web.API

Question

Ask a Question

Welcome To Ask or Share your Answers For Others

c# - Custom authorizations in Web.API

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

My understanding of ASP.NET MVC is that for authorizations I should use something like -

public class IPAuthorize : AuthorizeAttribute {

protected override bool AuthorizeCore(HttpContextBase httpContext) {
    //figure out if the ip is authorized 
    //and return true or false
}

But in Web API, there is no AuthorizeCore(..).

There is OnAuthorization(..) and the general advice for MVC is not to use OnAuthorization(..).

What should I use for custom authorizations in Web API?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

130 views

1 Answer

深蓝 · Answer 1 · 2021-10-23T17:45:28+0000

Authorization is done in an authorization filter - that mean you derive from System.Web.Http.AuthorizeAttribute and implement the IsAuthorized method.

You don't implement authorization in a normal action filter because they run later in the pipeline than authorization filters.

You also don't implement authentication in a filter (like parsing a JWT) - this is done even earlier in an extensibility point called MessageHandler.

Categories

c# - Custom authorizations in Web.API

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags