3

我正在尝试使用 MVC 样式授权过滤器作为 OData Web API 控制器的 Get() 操作方法的属性,但授权过滤器被忽略。可以将授权属性与 EntitySetController 或 ODataController 一起使用吗?

public class MyEntityController : EntitySetController<MyEntity, int>
{
    [CustomAuthorizeAttribute(AccessPermission.View)]
    [Queryable( AllowedQueryOptions = AllowedQueryOptions.All)]
    public override IQueryable<MyEntity> Get()
    {
        // Contents omitted.
    }
}

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    public AccessPermission RequiredPermission { get; set; }

    public CustomAuthorizeAttribute(AccessPermission requiredPermission)
    {
        RequiredPermission = requiredPermission;
    }
}
4

1 回答 1

4

是的,他们可以,但自定义身份验证属性应该继承自System.Web.Http.AuthorizeAttribute

试试这个实现:

public class CustomAuthorizeAttribute : System.Web.Http.AuthorizeAttribute
{
    public AccessPermission RequiredPermission { get; set; }

    public CustomAuthorizeAttribute(AccessPermission requiredPermission)
    {
        RequiredPermission = requiredPermission;
    }
}
于 2013-03-07T02:33:11.113 回答