对于Methods添加[AllowAnonymous]可以进行匿名访问,但是对于Controller添加时无效
public class AuthAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
//如果用户方位的Action带有AllowAnonymousAttribute,则不进行授权验证,但是controller中无效
//if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
//{
// return;
//}
//分别验证在method和controller中的AllowAnonymousAttribute属性
if (((ReflectedHttpActionDescriptor)actionContext.ActionDescriptor).MethodInfo.IsDefined(typeof(AllowAnonymousAttribute), true)
||actionContext.ActionDescriptor.ControllerDescriptor.ControllerType.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
//token验证
...
}
}