我在 ASP.net Web API 项目(不是 asp.net 核心)中实现了自定义授权,如下所示
namespace TestApp
{
public class AuthorizeFilterAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext httpContext)
{
foreach (var item in httpContext.Request.Headers)
{
string skey = item.Key;
var val = item.Value;
Debug.WriteLine(skey + "-" + val.ToString()); //On this line I get the value for custom header "SecurityToken"
}
//The below line returns NULL
var key = httpContext.Request.Headers.Where(z => z.Key == "SecurityToken").FirstOrDefault();
//The below lines also return value as NULL
httpContext.Request.Headers.TryGetValues("SecurityToken", out IEnumerable<string> authorizationToken);
string securityCodes = Convert.ToString(httpContext.Request.Headers.GetValues("SecurityToken").FirstOrDefault());
bool tryGetValue = httpContext.ActionArguments.TryGetValue("data", out object data);
}
}
}
但是,如果我在我的 Controller 函数中使用如下相同的代码,我可以获取 Header 值
public class HomeController : ApiController
{
[HttpGet]
[Route("api/Home/GetBanners")]
public APIResponse GetBanners()
{
//Able to get values here
string code = Request.Headers.GetValues("SecurityToken").First();
}
}
主要问题是当我尝试使用 POSTMAN 调用 API 时,自定义授权通过了测试,但是当我从前端应用程序发出相同的调用时,它失败了。有任何想法吗?