? ? ? ? 前后端分離的開發中，應用服務需要進行用戶身份的驗證才允許訪問數據。實現的方法很簡單。創建一個webapi項目。在App_Start目錄下找到WebApiConfig.cs， 在里面增加一個實現類。

  public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // Web API 配置和服務
            config.Filters.Add(new CustomAuthorize());
            // Web API 路由
            config.MapHttpAttributeRoutes();

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
        }

        public class CustomAuthorize : AuthorizationFilterAttribute
        {
            public override void OnAuthorization(HttpActionContext actionContext)
            {
                //如果用戶的Action帶有AllowAnonymousAttribute，則不用檢測
                if (actionContext.ActionDescriptor.GetCustomAttributes<System.Web.Http.AllowAnonymousAttribute>().Any())
                {
                    return;
                }

                app 接口檢測 
                object au = actionContext.Request.Headers.Authorization;
                if (au == null)
                {
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new { Ret = 4002, Msg = "Token錯誤!" });
                }
                else if (!Redis.haskey(au.ToString()))
                {
                    actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new { Ret = 4008, Msg = "Token超時!" });
                }
            }
        }
    }

Controller 類的實現：

 [RoutePrefix("api/v1")]
    public class ValuesController : ApiController
    {
        [AllowAnonymous]  //匿名訪問
        [Route("getData1"), HttpPost]
        public JObject getData1([FromBody] JObject data)
        {
            return data;
        }

        //登錄訪問
        [Route("getData2"), HttpPost]
        public JObject getData2([FromBody] JObject data)
        {
            return data;
        }

    }