问题
Why is OnAuthorization called twice for my straight forward AuthorizationFilterAttribute?
public class ApiAuthenticateAttribute : AuthorizationFilterAttribute
{
public void override OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
if(NotAuthorized())
throw new Exception();
}
}
First Call Stack
Second Call Stack
回答1:
The problem was with Ninject.Web.WebApi. For some reason it was registering the filter twice. Updating the package to latest (v 3.2.1) fixed the issue.
回答2:
I had registered the AuthorizeAttribute in the WebAPIconfig.cs:
public static void Register(HttpConfiguration config)
{
config.Filters.Add(new Global.Security.MyAuthorizeAttribute());
In addition I had decorated the method with the Attribute.
[MyAuthorize]
public IHttpActionResult Get(string name)
This caused the public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) method to be called twice.
The solution is either set one up globally (as a config filter) or add attributes to methods individually.
来源:https://stackoverflow.com/questions/20849343/why-is-onauthorization-called-twice-in-my-custom-authorizationfilterattribute