25 lines
927 B
C#
25 lines
927 B
C#
namespace WebApi_data_value.Authorization;
|
|
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Mvc.Filters;
|
|
using WebApi_data_value.Entities;
|
|
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
|
|
public class AuthorizeAttribute : Attribute, IAuthorizationFilter
|
|
{
|
|
public void OnAuthorization(AuthorizationFilterContext context)
|
|
{
|
|
// skip authorization if action is decorated with [AllowAnonymous] attribute
|
|
var allowAnonymous = context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any();
|
|
if (allowAnonymous)
|
|
return;
|
|
|
|
// authorization
|
|
var user = (User?)context.HttpContext.Items["User"];
|
|
if (user == null)
|
|
{
|
|
// not logged in or role not authorized
|
|
context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
|
|
}
|
|
}
|
|
} |