Cha*_*lie 5 c# asp.net-core-localization asp.net-core-webapi
它是一个asp.net核心webapi项目,我只是把[Authorize]属性放在了保护那些apis上。如果用户未授权,api 将返回“401 未授权”。
我的问题是如果未经授权,我如何本地化“401 未授权”消息。
对于其他数据注释,我可以设置DataAnnotation 属性的ErrorMessage属性,例如 [Required(ErrorMessage = "xxx")]。但是,AuthorizeAttribute 没有这样的属性。
感谢@Athanasios,我想出了我的解决方案,希望它可以帮助某人。(ErrorMessages 只是一个共享类)。
using System;
using System.Threading.Tasks;
using YourNamespace.Messages;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Localization;
using Microsoft.Extensions.Logging;
namespace YourNamespace.Attributes
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class LocalizedAuthorizeAttribute : AuthorizeAttribute, IAsyncAuthorizationFilter
{
public string UnauthorizedErrorMessage { get; set; }
public string ForbiddenErrorMessage { get; set; }
public LocalizedAuthorizeAttribute()
{
}
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var user = context.HttpContext.User;
var localizer = context.HttpContext.RequestServices.GetService<IStringLocalizer<ErrorMessages>>();
var logger = context.HttpContext.RequestServices.GetService<ILogger<LocalizedAuthorizeAttribute>>();
string url = $"{context.HttpContext.Request.Scheme}://{context.HttpContext.Request.Host}{context.HttpContext.Request.Path}{context.HttpContext.Request.QueryString}";
if (!user.Identity.IsAuthenticated)
{
logger.LogInformation($"Unauthroized access to '{url}' from {context.HttpContext.Connection.RemoteIpAddress.ToString()}");
UnauthorizedErrorMessage = UnauthorizedErrorMessage ?? "Unauthorized";
ProblemDetails problemDetails = new ProblemDetails()
{
Title = localizer[UnauthorizedErrorMessage],
Detail = localizer[UnauthorizedErrorMessage + "_Detail"],
Status = StatusCodes.Status401Unauthorized
};
context.Result = new ObjectResult(problemDetails)
{
StatusCode = StatusCodes.Status401Unauthorized,
DeclaredType = problemDetails.GetType(),
};
}
else
{
ForbiddenErrorMessage = ForbiddenErrorMessage ?? "Forbidden";
var authorizeService = context.HttpContext.RequestServices.GetService<IAuthorizationService>();
if (!String.IsNullOrWhiteSpace(Policy))
{
AuthorizationResult result = await authorizeService.AuthorizeAsync(user, Policy);
if (!result.Succeeded)
{
logger.LogWarning($"Forbidden access to '{url}' from {context.HttpContext.Connection.RemoteIpAddress.ToString()}");
ProblemDetails problemDetails = new ProblemDetails()
{
Title = localizer[ForbiddenErrorMessage],
Detail = localizer[ForbiddenErrorMessage + "_Detail"],
Status = StatusCodes.Status403Forbidden
};
context.Result = new ObjectResult(problemDetails)
{
StatusCode = StatusCodes.Status403Forbidden,
DeclaredType = problemDetails.GetType(),
};
}
}
}
}
}
}
上面的代码将向客户端返回问题详细信息。
您需要创建一个如下所示的自定义属性: https: //learn.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-filters
public class AuthenticationFailureResult : IHttpActionResult
{
public AuthenticationFailureResult(string reasonPhrase, HttpRequestMessage request)
{
ReasonPhrase = reasonPhrase;
Request = request;
}
public string ReasonPhrase { get; private set; }
public HttpRequestMessage Request { get; private set; }
public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
return Task.FromResult(Execute());
}
private HttpResponseMessage Execute()
{
HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
response.RequestMessage = Request;
response.ReasonPhrase = ReasonPhrase;
return response;
}
}
然后,您可以使用您自己的属性来代替授权属性。
有关更具体的示例,请在此处查看此答案
如果您查看此处的文档,您会发现除了创建自定义属性之外没有其他方法可以做到这一点。