我创建了一个新的 MVC4 应用程序并安装了 nuget 包 Breeze.MVC4WebApiClientSample
在 BreezeSampleController 中,我添加了一个“Authorize”属性。当我浏览到这里
http://localhost:XXXXX/api/BreezeSample/todos时,我仍然可以看到数据。
如何授权通话?我试图删除 BreezeController 属性并添加这些 [ODataActionFilter, JsonFormatter] 但我有另一个错误(控制器“帖子”上的操作“帖子”.....不支持查询)
从微风 v0.82.1 开始,现在应该已修复此问题。BreezeController 属性将不再导致删除任何授权属性。
My bad. The [BreezeController] attribute was too aggressive in removing ambient action filters; it apparently removed the filter responsible for the [Authorize] attribute. I have a fix that is currently under review.
The "[ODataActionFilter, JsonFormatter]" formula didn't suffer from this problem because it didn't remove any existing filters. Of course that was a problem too. If you used the new ASP.NET MVC SPA template ... and I think you are! ... then its QueryFilterProvider conflicted with our ODataActionFilter ... which is why we invented the [BreezeController] attribute and why, I think, that you're getting the error about not supporting querying. Can you confirm that you built your app from that SPA template?
Btw ... what 'Posts' action are you talking about? The "Breeze.MVC4WebApiClientSample" does not have such an action.
In any case, we expect to have the [BreezeController] attribute working properly with [Authorize] very soon.