met*_*art 5 .net asp.net-web-api
除非明确允许授权,否则是否可以拒绝项目中每个ASP.NET Web API控制器的授权(即使对于经过身份验证的用户)?
我正在寻找类似的东西:
WebApiConfig
config.Filters.Add(new DenyAuthorizationAttribute()); // ??
ExampleController.cs
public class ExampleController : ApiController
{
[Authorize(Roles = "Admins")]
public string GetHello_OnlyAdmins()
{
// only admins can call this
}
[AllowAnonymous]
public void PostSomething_Everybody()
{
// ...
}
public void DeleteSomething_NoOne()
{
// nobody can call this - we want to force the programmer to be specific about authorized roles
}
}
将其添加到 globa.asax 文件中的 api 配置方法中:
private static void ConfigureApis(HttpConfiguration config)
{
//create AuthorizeAttribute from System.Web.Http
var auth = new AuthorizeAttribute { Roles = "Admin" };
//add it to webapi configuration
config.Filters.Add(auth);
}
| 归档时间: |
|
| 查看次数: |
852 次 |
| 最近记录: |