1
我有以下的自定義屬性授權的WebAPI定製的授權屬性不工作
namespace xx.Api
{
public class MyAuthorizeAttribute : AuthorizeAttribute
{
public MyAuthorizeAttribute(params string[] roleKeys)
{
List<string> users = new List<string>(roleKeys.Length);
var allRoles = (NameValueCollection)ConfigurationManager.GetSection("users");
foreach (var roleKey in roleKeys)
{
users.Add(allRoles[roleKey]);
}
this.Roles = string.Join(",", users);
}
}
}
我有以下的Web API方法
[MyAuthorize("user")]
[ResponseType(typeof(tblArea))]
public IHttpActionResult GettblAreasByActivo()
{
var query = from a in db.tblAreas
orderby a.strArea
select a;
而且我有這個在web.config
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
<section
name="users"
type="System.Configuration.NameValueFileSectionHandler,System, Version=1.0.3300.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>
<users>
<add key="user" value="domain\firstname.lastname" />
</users>
我把我的用戶名放在那裏,當我將API方法url分享給同事時,他可以立即看到JSON,它應該被拒絕訪問。
我錯過了什麼?
大聲笑問題是,Windows身份驗證是,但也匿名:( –