我已将asp.net核心Web API项目从1.0.5迁移到2.2版本。迁移后,[[AllowAnonymous]属性在Middleware类文件中不起作用。它将从中间件本身抛出401未经授权的状态代码。
public class AuthorizationMiddleware
{
private readonly RequestDelegate next;
public AuthorizationMiddleware(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext context)
{
if (context.Request.Method == "OPTIONS")
{
await this.next.Invoke(context);
return;
}
if (context.Request.Path.Value.Contains("swagger"))
{
await this.next.Invoke(context);
return;
}
if (context.Request.Headers.Keys.Contains("Authorization"))
{
await this.next.Invoke(context);
return;
}
else
{
context.Response.StatusCode = 401;
return;
}
}
}
[Route("api/[controller]")]
[AuthorizationModel]
public class CentersController : Controller
{
[AllowAnonymous]
[HttpGet]
public async Task<IActionResult> GetCentersAsync()
{
}
}
AuthorizationModel
public class AuthorizationModelAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext context)
{
string controllerName = context.RouteData.Values["controller"].ToString();
if (context.ActionDescriptor.FilterDescriptors.Any(x => x.Filter is AllowAnonymousFilter))
return;
}
}
如何在我的项目中允许匿名请求?
请让我知道是否有人遇到此问题。
亲切的问候,帕提班
您必须在-AuthorizationModelAttribute中将AllowAnonymousFilter更改为AllowAnonymousAttribute。
并检查AllowAnonymousAttribute是否存在
public override void OnActionExecuting(ActionExecutingContext context)
{
var actionDescriptor = context.ActionDescriptor as ControllerActionDescriptor;
if (actionDescriptor != null)
{
if (actionDescriptor.MethodInfo.GetCustomAttributes(inherit: true)
.Any(a => a.GetType() == (typeof(AllowAnonymousAttribute))))
{
//DoSomething
}
else
{
//DoSomething
}
}
}