"Web-based education system for wheat silk "Uses a front-end and back-end code separation architecture, that is,"Miidy.Cloud.Console"station and"Miidy.Cloud.Manage"station (two front-end stations) simultaneously invoke the"Miidy.Cloud.RestWeb"web service through web api to achieve front-end and back-end code separation (see the Maidi Web Education System for details) Install deployment documentation ).Because the "Miidy.Cloud.Manage" site is only open to users with administrative privileges, in addition to adding control at the front end, permission control is also required within the "Miidy.Cloud.RestWeb" web service.So, how do you implement permission control based on users within a "Miidy.Cloud.RestWeb" web service?
IActionFilter
Within the Miidy.Cloud.RestWeb program, we will use the IActionFilter interface to intercept requests.The interface provides two methods ( Official Documents They are OnActionExecuted (after the Action is executed) and OnActionExecuting (before the Action is executed).On demand, we can implement OnActionExecuting.
Attribute
Using the Attribute attribute feature, we can help us use interceptors on demand within the method specified by Miidy.Cloud.RestWeb, which makes it easy to achieve the purpose of privilege control.
Realization
As mentioned above, we have a clear idea of the implementation, so let's take a look at the code implementation of the Miidy.Cloud.RestWeb program interceptor:
1. First, we create an interceptor class named "ManageVerifyAttribute", which ends with "Attribute", inherit the "Attribute" class, and implement "IActionFilter".Business code is written within the OnActionExecuting method.The code is as follows:
1 2 namespace Miidy.Cloud.Provider 3 { 4 /// <summary> 5 ///This filter is provided to all external estApi interfaces for use 6 ///Used when there is a need to verify that each interface/method is invoked only for administrative users 7 ///Method Level Overrunner 8 /// </summary> 9 public class ManageVerifyAttribute : Attribute, IActionFilter 10 { 11 public void OnActionExecuted(ActionExecutedContext context) 12 { 13 } 14 15 /// <summary> 16 ///Determine if the user is an administrative role, not throw an exception 17 /// </summary> 18 /// <param name="context"></param> 19 public void OnActionExecuting(ActionExecutingContext context) 20 { 21 if (context.HttpContext.User.Identity.IsAuthenticated) 22 { 23 var roleType = int.Parse(context.HttpContext.User.Claims.First(c => c.Type == "roleType").Value); 24 //Not a manager 25 if (roleType <= 0 || roleType >= 4) 26 { 27 context.Result = new JsonResult(new Result(214)); 28 } 29 } 30 else 31 context.Result = new JsonResult(new Result(214)); 32 } 33 34 } 35 } 36
2. By typing the [ManageVerify] attribute in the method of Web Api, the interceptor function can be implemented as follows:
1 2 /// <summary> 3 ///Synchronize individual data, increase data if it does not exist, otherwise modify 4 /// </summary> 5 /// <param name="ids"></param> 6 /// <returns></returns> 7 [Route("SynchrDataByModel")] 8 [HttpPost] 9 [ManageVerify] 10 public async Task<Result> SynchrDataByModel(MC_Ware model) 11 { 12 var resul = await _WareCore.SynchrDataAsync(new List<MC_Ware> { model }); 13 if (resul <= 0) 14 return new Result(211); 15 return new Result(200); 16 }
summary
1. Intercept requests based on the IActionFilter interface.
2. Attribute-based attributes help us use interceptors within specified WebApi methods as needed.
statement
This article was originally created by the author. Please note the source and keep the original address for reprinting. Thank you.If the article can help you, please click on the recommendation or attention, thank you for your support!