parking-html/Parking_spaces/Authorization/AuthorizeAttribute.cs

namespace Parking_spaces.Authorization;

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Parking_spaces.Entities;

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeAttribute : Attribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // skip authorization if action is decorated with [AllowAnonymous] attribute
        var allowAnonymous = context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any();
        if (allowAnonymous)
            return;

        // authorization
        var user = (User?)context.HttpContext.Items["User"];
        if (user == null)
        {
            // not logged in or role not authorized
            context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
        }
    }
}
加入專案檔案。 2024-02-01 11:37:15 +08:00			`namespace Parking_spaces.Authorization;`

			`using Microsoft.AspNetCore.Mvc;`
			`using Microsoft.AspNetCore.Mvc.Filters;`
			`using Parking_spaces.Entities;`

			`[AttributeUsage(AttributeTargets.Class \| AttributeTargets.Method)]`
			`public class AuthorizeAttribute : Attribute, IAuthorizationFilter`
			`{`
			`public void OnAuthorization(AuthorizationFilterContext context)`
			`{`
			`// skip authorization if action is decorated with [AllowAnonymous] attribute`
			`var allowAnonymous = context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any();`
			`if (allowAnonymous)`
			`return;`

			`// authorization`
			`var user = (User?)context.HttpContext.Items["User"];`
			`if (user == null)`
			`{`
			`// not logged in or role not authorized`
			`context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };`
			`}`
			`}`
			`}`