我有一个控制器,上面有 3 个操作方法,其中两个是常规 OData 调用,第三个是函数。使用 Azure AD 和 ADAL 保护 WebAPI。
CustomAuthAttribute(IsAppAuthorizing 只需检查 web.config 条目)
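public class OpsmApiAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Decides whether the current request is authorized.
    /// When the application is configured to enforce authorization
    /// (<c>IsAppAuthorizing()</c> reads a web.config entry), this defers to
    /// <see cref="AuthorizeAttribute.IsAuthorized"/>, i.e. the principal set by the
    /// bearer-token middleware must be authenticated. When that switch is off,
    /// every request is allowed through.
    /// </summary>
    /// <remarks>
    /// SECURITY: the "off" branch is a configuration-controlled bypass of
    /// authentication. It must never be enabled in a deployed environment, and
    /// <c>IsAppAuthorizing()</c> (not visible here) should treat a missing or
    /// unparsable web.config entry as "authorize" so the switch fails closed.
    /// </remarks>
    /// <param name="actionContext">Context of the action being invoked.</param>
    /// <returns><c>true</c> if the request may proceed; otherwise <c>false</c>.</returns>
    protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // HttpContext.Current is null when the API is not hosted under System.Web
        // (OWIN self-host, some test harnesses). The previous code dereferenced it
        // unconditionally and threw a NullReferenceException; fail closed instead by
        // running the base authorization check rather than skipping it.
        var httpContext = HttpContext.Current;
        if (httpContext == null || httpContext.IsAppAuthorizing())
        {
            return base.IsAuthorized(actionContext);
        }

        // Authorization explicitly switched off via configuration: allow anonymous access.
        return true;
    }
}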
Startup.Auth.cs
/// <summary>
/// Registers the Azure AD bearer-token (JWT) authentication middleware for the Web API.
/// The middleware validates the <c>Authorization: Bearer</c> token of each request using
/// the signing keys published at the tenant's metadata endpoint and, when the token is
/// valid, sets the request principal that <c>AuthorizeAttribute</c> later inspects.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
/// <remarks>
/// All three inputs come from appSettings: <c>ida:Tenant</c>, <c>ida:Audience</c> and
/// <c>ida:MetadataEndpoint</c>. Only the audience is pinned explicitly on
/// <see cref="TokenValidationParameters"/>; issuer and signing-key validation are whatever
/// the middleware derives from the metadata document — confirm against the library
/// version in use that issuer validation is enabled by default. NOTE(review): a missing
/// <c>ida:Audience</c> entry yields a null audience here; verify how the middleware
/// treats that rather than assuming it rejects tokens.
/// </remarks>
public void ConfigureAuth(IAppBuilder app)
{
    var settings = ConfigurationManager.AppSettings;
    var tenant = settings["ida:Tenant"];
    var audience = settings["ida:Audience"];
    var metadataEndpoint = settings["ida:MetadataEndpoint"];

    var validation = new TokenValidationParameters
    {
        ValidAudience = audience,
    };

    var options = new WindowsAzureActiveDirectoryBearerAuthenticationOptions
    {
        Tenant = tenant,
        TokenValidationParameters = validation,
        MetadataAddress = metadataEndpoint,
    };

    app.UseWindowsAzureActiveDirectoryBearerAuthentication(options);
}
控制器(ByUser 是 OData 函数,没有得到正确的 IPrincipal 信息,其他两种方法工作正常)
// Every action on this controller goes through OpsmApiAuthorizeAttribute, so whether a
// request must carry a valid bearer token depends on the web.config switch that
// attribute reads, not on anything declared here.
[OpsmApiAuthorizeAttribute]
public class ProjectsController : BaseController
{
    /// <summary>
    /// Get a Project Detail for a given project id
    /// </summary>
    /// <param name="key">The OData entity key of the project, bound from the request URI.</param>
    /// <returns>json</returns>
    /// <remarks>
    /// [EnableQuery] with no arguments lets the caller apply $filter/$select/$orderby/$expand
    /// to the returned IQueryable under the attribute's default limits only — confirm those
    /// defaults (page size, expansion depth, allowed options) are acceptable for this entity
    /// so a client cannot walk navigation properties it should not see. Body elided in the question.
    /// </remarks>
    [EnableQuery]
    public IQueryable<OPSM.DataAccess.Database.OpsM.PRJ> Get([FromODataUri] string key)
    {
        ...
    }
    /// <summary>
    /// Get all Projects
    /// </summary>
    /// <returns>json</returns>
    /// <remarks>
    /// Same [EnableQuery] caveat as the keyed Get: an unbounded IQueryable plus default
    /// query limits means any authenticated caller can page through every project;
    /// consider a PageSize on the attribute. Body elided in the question.
    /// </remarks>
    [EnableQuery]
    public IQueryable<OPSM.DataAccess.Database.OpsM.PRJ> Get()
    {
        ...
    }
    /// <summary>
    /// OData function returning the projects for a given user.
    /// </summary>
    /// <param name="userId">Caller-supplied user identifier, bound from the request URI.</param>
    /// <returns>An action result; the body is elided in the question.</returns>
    /// <remarks>
    /// NOTE(review): per the question, the principal seen by this action is not populated the
    /// way it is on the two Get methods; the cause is not visible in this listing.
    /// NOTE(review): userId is chosen by the client. Unless the elided body checks that the
    /// authenticated principal is allowed to view that user's projects, any authenticated
    /// caller can enumerate other users' projects — confirm against the body.
    /// If the CacheOutput attribute below is re-enabled, a server-side cache keyed only by
    /// URL would serve one user's response to another unless it is also varied by identity.
    /// </remarks>
    [HttpGet]
    //[CacheOutput(ServerTimeSpan = 60 * 60)]
    public IHttpActionResult ByUser([FromODataUri]string userId)
    {
        ...
    }
}