2023年6月20日发(作者：)

C#WebApi过滤器（开发接⼝必备利器）在WEB Api中，引⼊了⾯向切⾯编程（AOP）的思想，在某些特定的位置可以插⼊特定的Filter进⾏过程拦截处理。引⼊了这⼀机制可以更好地践⾏DRY(Don’t RepeatYourself)思想，通过Filter能统⼀地对⼀些通⽤逻辑进⾏处理，如：权限校验、参数加解密、参数校验等⽅⾯我们都可以利⽤这⼀特性进⾏统⼀处理，今天我们来介绍Filter的开发、使⽤以及讨论他们的执⾏顺序。⼀、Filter的开发和调⽤ 在默认的WebApi中，框架提供了三种Filter，他们的功能和运⾏条件如下表所⽰：Filter 类型实现的接⼝描述AuthorizationIAuthorizationFilter最先运⾏的Filter，被⽤作请求权限校验ActionIActionFilter在Action运⾏的前、后运⾏ExceptionIExceptionFilter当异常发⽣的时候运⾏ ⾸先，我们实现⼀个AuthFilterOutside可以⽤以简单的权限控制：public class AuthFilterOutside: AuthorizeAttribute{ private SP_PortUserBLL sp_portuserbll = new SP_PortUserBLL(); //重写基类的验证⽅式，加⼊我们⾃定义的Ticket验证

public override void OnAuthorization(HttpActionContext actionContext) { //url获取token

var content = ties["MS_HttpContext"] as HttpContextBase; HttpRequestBase request = t; string access_key = ["access_key"];//获取请求参数对应的值 string sign = ["sign"]; if (!OrEmpty(access_key) && !OrEmpty(sign)) { //解密⽤户ticket,并校验⽤户名密码是否匹配

if (ValidateTicket(access_key, sign)) { orized(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } //如果取不到⾝份验证信息，并且不允许匿名访问，则返回未验证401 else { var attributes = tomAttributes().OfType(); bool isAnonymous = (a => a is AllowAnonymousAttribute); if (isAnonymous) orization(actionContext); else HandleUnauthorizedRequest(actionContext); } } //校验sign（数据库数据匹配）

private bool ValidateTicket(string key,string sign) { var result=sp_ess_secret(key); if (!OrEmpty(result)) { var mysing= cryption(key, result);//sign验证 if ((sign)) { return true; } return false; } return false; }}当请求地址⾥⾯包含 access_key 和 sign 对应的键值对，获取对应的值与数据库数据进⾏匹配，匹配通过后可请求数据，适⽤于get 、post请求。

接⼝请求成功后记录⽇志的实现///

/// 请求成功后触发///

public class AuthFilter: ActionFilterAttribute{ private PortLogBLL portlogbll = new PortLogBLL(); public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { //action 请求之后触发

//⽇志记录 访问量记录等等 rm(new PortLogEntity() { PortName = tePath,//获得调⽤接⼝, RequestType = ng(), StatusCode = 32(new HttpResponseMessage().StatusCode),//设置状态码 ClientIp = GetClientIp(), ParameterList = (),//获得参数值 Success = true }); } ///

/// 获取客户端Ip ///

/// private string GetClientIp() { string result = Variables["HTTP_X_FORWARDED_FOR"]; if (OrEmpty(result)) { result = Variables["REMOTE_ADDR"]; } if (OrEmpty(result)) { result = stAddress; } if (OrEmpty(result)) { return "0.0.0.0"; } return result; }}当服务端代码报错或出异常时，可⾃定义设置固定格式的异常返回给调⽤者///

/// 接⼝发⽣异常过滤器///

public class ExceptionHandling : ExceptionFilterAttribute, IExceptionFilter{ private PortLogBLL portlogbll = new PortLogBLL(); public override void OnException(HttpActionExecutedContext actionExecutedContext) { var code = new HttpResponseMessage(alServerError).StatusCode;//设置错误代码：例如：500 404 se = new HttpResponseMessage(alServerError); string msg = izeObject(new BaseResult() { success = false, message = e });//返回异常错误提⽰ //写⼊错误⽇志相关实现 rm(new PortLogEntity() { PortName = tePath, RequestType = ng(), StatusCode = 32(code), ClientIp = GetClientIp(), ParameterList = (), Success = false, ErrorMessage = msg }); //result t = new StringContent(msg, 8); } ///

/// 获取调⽤接⼝者ip地址 ///

/// private string GetClientIp() { string result = Variables["HTTP_X_FORWARDED_FOR"]; if (OrEmpty(result)) { result = Variables["REMOTE_ADDR"]; } if (OrEmpty(result)) { result = stAddress; } if (OrEmpty(result)) { return "0.0.0.0"; } return result; }}public class BaseResult{ ///

/// 状态 ///

public bool success { get; set; } ///

/// 错误信息 ///

public string message { get; set; }}以上是开发webapi常⽤代码，⾃⼰封装⼀下就可以使⽤了