1

我使用 HttpParameterBinding 不仅为 webAPI 操作的参数分配值,而且还使用它来检查权限。

public override Task ExecuteBindingAsync(ModelMetadataProvider metadataProvider, HttpActionContext actionContext, CancellationToken cancellationToken)
        {
            //I get the userId from another parameter that is set from another parameter binding
            int userId = Convert.ToInt32(actionContext.ActionArguments["userId"]);

            var permission = getPermissions(userId);
            if (permission < minRight)
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent("Permission Denied.")
                };
            }

            actionContext.ActionArguments[Descriptor.ParameterName] = permission;

            var taskSource = new TaskCompletionSource<object>();
            taskSource.SetResult(null);
            return taskSource.Task;
        }

然而,这继续执行。有没有办法,最好不抛出异常,在这里返回401响应,不继续执行。

4

0 回答 0