asp.net MVCカスタムフィルタ[RESTAuthorize]は無視されます

Question

[RESTAuthorization]は無視され、コードにジャンプしてRest Authorizationフィルタをチェックせずにすべての国を取得します。ここで

は、ここですべての国を取得するためのコードだ RESTAuthorization

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.Mvc; 
using MyWebsite.Repository; 

namespace MyWebsite.API.Attributes 
{ 
    public class RESTAuthorizeAttribute : AuthorizeAttribute 
    { 
     private ISecurityRepository _repository; 

     public RESTAuthorizeAttribute() 
      : this(new SecurityRepository()) 
     { 

     } 

     public RESTAuthorizeAttribute(ISecurityRepository repository) 
     { 
      _repository = repository; 
     } 

     private const string _securityToken = "token"; 

     public override void OnAuthorization(AuthorizationContext filterContext) 
     { 
      if (Authorize(filterContext)) 
      { 
       return; 
      } 

      HandleUnauthorizedRequest(filterContext); 
     } 

     protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) 
     { 
      base.HandleUnauthorizedRequest(filterContext); 
     } 

     private bool Authorize(AuthorizationContext actionContext) 
     { 
      try 
      { 
       HttpRequestBase request = actionContext.RequestContext.HttpContext.Request; 
       string token = request.Params[_securityToken]; 
       string ip = _repository.GetIP(request); 

       return _repository.IsTokenValid(token, ip, request.UserAgent); 
      } 
      catch (Exception) 
      { 
       return false; 
      } 
     } 
    } 
} 

ためのコードです。 RestAuthorizeは、あなたがメソッドを実装する必要がありますがSystem.Web.Http.AuthorizeAttributeを実装すると仮定すると

[RESTAuthorize] 
[HttpGet] 
public IEnumerable<dtoCountry> GetAllCountry() 
{ 
    try 
    { 
     return _repository.GetAllCountry().ToList(); 
    } 
    catch (UnauthorizedAccessException) 
    { 
     throw new HttpResponseException(HttpStatusCode.Unauthorized); 
    } 
    catch (Exception) 
    { 
     throw new HttpResponseException(HttpStatusCode.InternalServerError); 
    } 
} 

Answer 1

を無視されている：（

protected override bool IsAuthorized(HttpActionContext actionContext) 
{ 

} 

私はOnAuthorizationを呼び出すことは必要ではないと信じているのが、あなたが必要な場合は、それを維持することができますそれ）、ので、あなたのコード例は次のようになります。

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.Http; 
using System.Web.Http.Controllers; 

namespace MyWebsite.API.Attributes 
{ 
    public class RESTAuthorizeAttribute : AuthorizeAttribute 
    { 
     private ISecurityRepository _repository; 

     public RESTAuthorizeAttribute() 
      : this(new SecurityRepository()) 
     { 

     } 

     public RESTAuthorizeAttribute(ISecurityRepository repository) 
     { 
      _repository = repository; 
     } 

     private const string _securityToken = "token"; 

     // This function actually decides whether this request will be accepted or not 
     protected override bool IsAuthorized(HttpActionContext actionContext) 
     { 
      //TODO Return true or false, whether you need to accept this request or not 
     } 
    } 
} 

Answer 2

public class Authorizetest: System.Web.Http.AuthorizeAttribute 
{ 
    private const string _securityToken = "token"; 
    public override void OnAuthorization(HttpActionContext actionContext) 
    { 

     if(Authorize(actionContext)) 
     { 
      return; 
     } 
     HandleUnauthorizedRequest(actionContext); 
    } 

    protected override void HandleUnauthorizedRequest(HttpActionContextactionContext) 
    { 
     base.HandleUnauthorizedRequest(actionContext); 
    } 

    private bool Authorize(HttpActionContext actionContext) 
    {   
     try 
     {       
      var context = new HttpContextWrapper(HttpContext.Current); 
      HttpRequestBase request = context.Request;    
      string token = request.Params[_securityToken]; 
      bool xyz = ValidatingTokens.IsTokenValid(token, 
      CommonManager.GetIP(request), request.UserAgent); 
      return xyz; 
     } 
     catch (Exception) 
     { 
      return false; 
     } 
    } 
}