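using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Text;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using ICSSoft.Frame.Data.Entity;
using JWT;
using Newtonsoft.Json;
using WebApplication1;

namespace WebApplication1.Attributes
{
    /// <summary>
    /// Authorization filter that gates an action on the bearer token carried in the
    /// <c>Authorization</c> header, checked through <c>JwtHelper.Validate</c>.
    /// Actions (or controllers) marked with <see cref="AllowAnonymousAttribute"/> are
    /// let through without a token. Every rejection is answered with a JSON
    /// <c>Result</c> body produced by <see cref="HandleUnauthorizedRequest"/>.
    /// </summary>
    public class ApiAuthorize : AuthorizeAttribute
    {
        // Key under which the rejection reason is parked for HandleUnauthorizedRequest.
        // Kept as "error" because the value is also mirrored into HttpContext.Current.Items
        // under that name, where other code in the project may already read it.
        private const string ErrorItemKey = "error";

        /// <summary>
        /// Validates the request token and rejects the request when the token is
        /// missing, fails validation, or throws during validation.
        /// </summary>
        /// <param name="actionContext">Action context of the current Web API request.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Anonymous endpoints are exempt whether or not a token was sent, so a stale
            // token on a public endpoint no longer turns into a rejection.
            if (AllowsAnonymous(actionContext))
            {
                base.OnAuthorization(actionContext);
                return;
            }

            var authorization = actionContext.Request.Headers.Authorization;
            if (authorization == null || string.IsNullOrWhiteSpace(authorization.Parameter))
            {
                // The endpoint requires authentication and no token was supplied.
                Reject(actionContext, "请传入tocken值!");
                return;
            }

            bool valid;
            try
            {
                valid = JwtHelper.Validate(authorization.Parameter);
            }
            catch (Exception ex)
            {
                // Validation problems reported as exceptions (expired token, bad signature, ...).
                // The exception message is echoed to the caller as before; if the JWT helper can
                // raise exceptions with internal detail, prefer logging it and returning a generic text.
                Reject(actionContext, ex.Message);
                return;
            }

            // A token that fails validation without throwing must be rejected too.
            // The previous implementation fell through here and let the request run.
            if (!valid)
            {
                Reject(actionContext, "Invalid token.");
            }
        }

        /// <summary>
        /// Builds the rejection response. Called by <see cref="Reject"/> after the reason
        /// has been stored, and by the base class for any other authorization failure.
        /// </summary>
        /// <param name="actionContext">Action context of the request being rejected.</param>
        protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
        {
            // The base call creates the response object that is customised below.
            base.HandleUnauthorizedRequest(actionContext);

            // 403 on the wire with "400" in the body is the established contract of this API
            // and is intentionally left unchanged; clients key on both values.
            actionContext.Response.StatusCode = HttpStatusCode.Forbidden;
            var result = new Result()
            {
                code = "400",
                msg = ReadErrorMessage(actionContext)
            };
            // Declare the media type: a bare StringContent is advertised as text/plain.
            actionContext.Response.Content = new StringContent(
                JsonConvert.SerializeObject(result), Encoding.UTF8, "application/json");
        }

        /// <summary>
        /// True when the action or its controller carries <see cref="AllowAnonymousAttribute"/>.
        /// </summary>
        private static bool AllowsAnonymous(HttpActionContext actionContext)
        {
            return actionContext.ActionDescriptor
                       .GetCustomAttributes<AllowAnonymousAttribute>().Any()
                || actionContext.ControllerContext.ControllerDescriptor
                       .GetCustomAttributes<AllowAnonymousAttribute>().Any();
        }

        /// <summary>
        /// Records the rejection reason for the current request and produces the response.
        /// </summary>
        private void Reject(HttpActionContext actionContext, string message)
        {
            // Request properties are host-independent; HttpContext.Current is null when
            // self-hosted. Both use the indexer: Items.Add throws if the key already exists,
            // which happened on a second rejection within the same request.
            actionContext.Request.Properties[ErrorItemKey] = message;
            var httpContext = HttpContext.Current;
            if (httpContext != null)
            {
                httpContext.Items[ErrorItemKey] = message;
            }
            HandleUnauthorizedRequest(actionContext);
        }

        /// <summary>
        /// Reads the stored rejection reason, falling back to a generic text so the
        /// response body never dereferences a missing entry.
        /// </summary>
        private static string ReadErrorMessage(HttpActionContext actionContext)
        {
            object stored;
            if (actionContext.Request.Properties.TryGetValue(ErrorItemKey, out stored) && stored != null)
            {
                return stored.ToString();
            }
            var httpContext = HttpContext.Current;
            if (httpContext != null && httpContext.Items[ErrorItemKey] != null)
            {
                return httpContext.Items[ErrorItemKey].ToString();
            }
            return "Unauthorized";
        }
    }
}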