var token = Guid.NewGuid().ToString().Replace("-", "");

var expire = DateTime.Now.AddHours();

var timespan = ( expire- DateTime.Now);

var key = string.Format("login-{0}", apiRm.Result.UserID);

RedisCacheHelper.SetCacheByKey<string>(key, JsonHelper.ToJson(apiRm.Result), timespan);

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'token: 1000-e0622f06a9a842a5b79a5295e6d4b235' -d

controller：[RoutePrefix("api/Out"), OperateTrack, AuthToken(AuthTypeEnum.Driver)]
或
action：[HttpPost, Route("GetOutInfo")，AuthToken(AuthTypeEnum.Driver)]

读取过滤器传过来的信息：
var user = ControllerContext.RouteData.Values["user"];
var user1 = HttpContext.Current.User;

public class AuthTokenAttribute : AuthorizeAttribute

    {

        public AuthTypeEnum VerifyAuth { get; set; }

        public AuthTokenAttribute() { this.VerifyAuth = AuthTypeEnum.Common; }

        public AuthTokenAttribute(AuthTypeEnum verifyAuth)

        {

            this.VerifyAuth = verifyAuth;

        }

        protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)

        {

            var request = actionContext.Request;

            if(VerifyAuth== AuthTypeEnum.Driver)

            {

                var rm= AuthDriver(actionContext);

                if (!rm.IsSuccess)

                    return false;

            }

            return true;

        }

    　　 protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)

        {

            StringBuilder sbMsg = new StringBuilder();

            if (VerifyAuth == AuthTypeEnum.Driver)

            {

                var rm = AuthDriver(actionContext);

                if (!rm.IsSuccess)

                    sbMsg.Append(rm.Message);

            }

            var content = JsonConvert.SerializeObject(new ResultApiModel { IsSuccess = false, Message = sbMsg.ToString() + ",验证失败,状态：" + (int)HttpStatusCode.Unauthorized, Code = ((int)HttpStatusCode.Unauthorized).ToString() });

            actionContext.Response = new HttpResponseMessage

            {

                Content = new StringContent(content, Encoding.UTF8, "application/json"),

                StatusCode = HttpStatusCode.Unauthorized

            };

        }

 　　　　private ResultApiModel AuthDriver(System.Web.Http.Controllers.HttpActionContext actionContext)

        {

            //todo 验证token

            //向action传值，在action中可以使用：var user =         ControllerContext.RouteData.Values["user"];获取到

            actionContext.ControllerContext.RouteData.Values["user"] = v;

            SetPrincipal(new UserPrincipal<int>(tokenV));

            return ResultApiModel.Create(true);

        }

        public static void SetPrincipal(IPrincipal principal)

        {

            Thread.CurrentPrincipal = principal;

            //每次都重新覆盖user，避免不同用户对不同action的访问

            if (HttpContext.Current != null)

            {

                HttpContext.Current.User = principal;

            }

        }

}

public enum AuthTypeEnum

    {

        Common=,

        Driver=

    }  

IPrincipal：

public class UserIdentity<TKey> : IIdentity

    {

        public UserIdentity(IUser<TKey> user)

        {

            if (user != null)

            {

                IsAuthenticated = true;

                UserID = user.UserID;

                LoginNo = user.LoginNo.ToString();

                Name = user.LoginNo.ToString();

                UserName = user.UserName;

                RoleCode = user.RoleCode;

                token = user.token;

            }

        }

        public string AuthenticationType

        {

            get { return "CustomAuthentication"; }

        }

        public TKey UserID { get; private set; }

        public bool IsAuthenticated { get; private set; }

        public string LoginNo { get; private set; }

        public string Name { get; private set; }

        public string UserName { get; private set; }

        public string RoleCode { get; private set; }

        public string token { get; private set; }

    }

    public class UserPrincipal<TKey> : IPrincipal

    {

        public UserPrincipal(UserIdentity<TKey> identity)

        {

            Identity = identity;

        }

        public UserPrincipal(IUser<TKey> user)

            : this(new UserIdentity<TKey>(user))

        {

        }

        /// <summary>

        ///

        /// </summary>

        public UserIdentity<TKey> Identity { get; private set; }

        IIdentity IPrincipal.Identity

        {

            get { return Identity; }

        }

        bool IPrincipal.IsInRole(string role)

        {

            throw new NotImplementedException();

        }

    }

    public interface IUser<T>

    {

        /// <summary>

        /// 用户id

        /// </summary>

        T UserID { get; set; }

        /// <summary>

        /// 登录账号

        /// </summary>

        string LoginNo { get; set; }

        /// <summary>

        /// 用户名称

        /// </summary>

        string UserName { get; set; }

        /// <summary>

        /// 角色编号

        /// </summary>

        string RoleCode { get; set; }

        /// <summary>

        /// 登录后分配token

        /// </summary>

        string token { get; set; }

    }

[AuthSign(AuthSignTypeEnum.Common)]

public class AuthSignAttribute : AuthorizeAttribute

    {

        public AuthSignTypeEnum AuthSignType { get; set; }

        public AuthSignAttribute() { this.AuthSignType = AuthSignTypeEnum.Common; }

        public AuthSignAttribute(AuthSignTypeEnum authSignType)

        {

            this.AuthSignType = authSignType;

        }

        /// <summary>

        /// 公共请求主体数据

        /// </summary>

        private string CommonRequestBodyData { get; set; }

        /// <summary>

        /// 权限验证

        /// </summary>

        /// <param name="actionContext"></param>

        /// <returns></returns>

        protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)

        {

            var request = actionContext.Request;

            var requestBodyData = StreamHelper.GetStream2String(request.Content.ReadAsStreamAsync().Result);

            if (AuthSignType == AuthSignTypeEnum.Common)

            {

                CommonRequestBodyData = requestBodyData.TrimStart("data=".ToCharArray());

                var urlParam = GetUrlParam(actionContext);

                if (!urlParam.IsSuccess) return false;

                var rm = AuthSignCommon(urlParam.Result, CommonRequestBodyData);

                if (!rm.IsSuccess)

                    return false;

            }

            return true;

        }

        private ResultApiModel AuthSignCommon(CommonRequestApiModel request, string requestBodyData)

        {

            //todo 验证signreturn ResultApiModel.Create(true);

        }/// <summary>

        ///     处理未授权的请求

        /// </summary>

        /// <param name="actionContext"></param>

        protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)

        {

            StringBuilder sbMsg = new StringBuilder();

            if (AuthSignType == AuthSignTypeEnum.Common)

            {

                //todo 处理验证失败信息

            }

            var content = JsonConvert.SerializeObject(new ResultApiModel { IsSuccess = false, Message = sbMsg.ToString() + " 签名验证失败，状态：" + HttpStatusCode.Unauthorized });

            actionContext.Response = new HttpResponseMessage

            {

                Content = new StringContent(content, Encoding.UTF8, "application/json"),

                StatusCode = HttpStatusCode.Unauthorized

            };

        }

    }

    /// <summary>

    /// 签名类型

    /// </summary>

    public enum AuthSignTypeEnum

    {

        Common =

    }

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true)]

    public class NoLogAttribute : Attribute

    {

    }

public class OperateTrackAttribute : ActionFilterAttribute

    {

        /// <summary>

        /// 自定义参数

        /// </summary>

        public string msg { get; set; }

        public OperateTrackAttribute()

        {

        }

        /// <summary>

        /// 初始化时填入类的说明

        /// </summary>

        /// <param name="message"></param>

        public OperateTrackAttribute(string message)

        {

            msg = message;

        }

        private static readonly string key = "enterTime";

        public override Task OnActionExecutingAsync(System.Web.Http.Controllers.HttpActionContext actionContext, CancellationToken cancellationToken)

        {

            if (SkipLogging(actionContext))

            {

                return base.OnActionExecutingAsync(actionContext, cancellationToken);

            }

            //记录进入请求的时间

            actionContext.Request.Properties[key] = DateTime.Now.ToBinary();

            return base.OnActionExecutingAsync(actionContext, cancellationToken);

        }

        /// <summary>

        /// 在请求执行完后 记录请求的数据以及返回数据

        /// </summary>

        /// <param name="actionExecutedContext"></param>

        /// <param name="cancellationToken"></param>

        /// <returns></returns>

        public override Task OnActionExecutedAsync(HttpActionExecutedContext actionExecutedContext, CancellationToken cancellationToken)

        {

            object beginTime = null;

            if (actionExecutedContext.Request.Properties.TryGetValue(key, out beginTime))

            {

                DateTime time = DateTime.FromBinary(Convert.ToInt64(beginTime));

                HttpRequest request = HttpContext.Current.Request;

                string token = request.Headers["token"];

                WebApiActionLogModel apiActionLog = new WebApiActionLogModel

                {

                    Id = Guid.NewGuid(),

                    //获取action名称

                    actionName = actionExecutedContext.ActionContext.ActionDescriptor.ActionName,

                    //获取Controller 名称

                    controllerName = actionExecutedContext.ActionContext.ActionDescriptor.ControllerDescriptor.ControllerName,

                    //获取action开始执行的时间

                    enterTime = time,

                    //获取执行action的耗时

                    costTime = (DateTime.Now - time).TotalMilliseconds,

                    navigator = request.UserAgent,

                    token = token,

                    //获取用户token

                    userId = getUserByToken(token),

                    //获取访问的ip

                    ip = request.UserHostAddress,

                    userHostName = request.UserHostName,

                    urlReferrer = request.UrlReferrer != null ? request.UrlReferrer.AbsoluteUri : "",

                    browser = request.Browser.Browser + " - " + request.Browser.Version + " - " + request.Browser.Type,

                    //获取request提交的参数

                    paramaters = StreamHelper.GetStream2String(actionExecutedContext.Request.Content.ReadAsStreamAsync().Result),

                    //获取response响应的结果

                    executeResult = StreamHelper.GetStream2String(actionExecutedContext.Response.Content.ReadAsStreamAsync().Result),

                    comments = msg,

                    RequestUri = request.Url.AbsoluteUri

                };

                //记debug

                Log.DefaultLogDebug(string.Format("actionExecutedContext {0} 请求：{1}", apiActionLog.controllerName + "/" + apiActionLog.actionName, JsonHelper.ToJson(apiActionLog)));

            }

            return base.OnActionExecutedAsync(actionExecutedContext, cancellationToken);

        }

        /// <summary>

        /// 获取当前登录用户的id

        /// </summary>

        /// <param name="token"></param>

        /// <returns></returns>

        public static string getUserByToken(string token)

        {

            UserIdentity<int> u = HttpContext.Current.User.Identity as UserIdentity<int>;

            if (u == null) return "未登录用户" + token;

            return u.LoginNo.ToString();

        }

        /// <summary>

        /// 判断类和方法头上的特性是否要进行Action拦截

        /// </summary>

        /// <param name="actionContext"></param>

        /// <returns></returns>

        private static bool SkipLogging(System.Web.Http.Controllers.HttpActionContext actionContext)

        {

            return actionContext.ActionDescriptor.GetCustomAttributes<NoLogAttribute>().Any() || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<NoLogAttribute>().Any();

        }

    }