我会分两步完成:
AuthorizeAttribute
我通常在ActionFilter中执行此操作: https://gist.github.com/e297b435ceb8f022fb95
public override void OnActionExecuting(ActionExecutingContext filterContext) { if (filterContext == null) throw new ArgumentNullException("FilterContext"); if (AuthProvider == null) throw new ArgumentNullException("IAuthProvider"); if (AuthProvider.Authenticate(filterContext) == false) { var req = filterContext.HttpContext.Request; var response = filterContext.HttpContext.Response; response.StatusCode = 401; response.AddHeader("WWW-Authenticate", "Basic realm=\"Emergidata\""); response.End(); } else { var controller = filterContext.Controller as IAppController; controller.DynamicSession= AuthProvider.AuthProviderContext; } }