  • WebAPI Study Notes (1): Implementing Basic Auth Authorization

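    1. HTTP Basic authentication only requires adding a new authentication filter attribute. The attribute class inherits from System.Web.Http.AuthorizeAttribute; in the IsAuthorized(...) method (the code below does this in its OnAuthorization(...) override), it reads the Authorization field and its value from the HTTP headers and performs custom validation.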

        using System;
        using System.Text;
        using System.Web.Http;
        using System.Web.Http.Controllers;

        public class HttpBasicAuthAttribute : AuthorizeAttribute
        {
            public override void OnAuthorization(HttpActionContext actionContext)
            {
                // Read the credentials from the HTTP request headers and check
                // whether they are the requester's ticket
                var authorization = actionContext.Request.Headers.Authorization;
                if ((authorization != null)
                    && string.Equals(authorization.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                    && (authorization.Parameter != null))
                {
                    // Decode the user ticket and check that user name and password match
                    var encryptTicket = authorization.Parameter;
                    if (ValidateTicket(encryptTicket))
                    {
                        // Valid ticket: set no response, so the request proceeds
                        return;
                    }
                    else
                    {
                        HandleUnauthorizedRequest(actionContext);
                    }
                }
                // If no credentials can be read, respond 401 Unauthorized
                else
                {
                    HandleUnauthorizedRequest(actionContext);
                }
            }

            // Check user name and password (a production system should check against a database)
            private bool ValidateTicket(string encryptTicket)
            {
                // Decode the ticket (Base64 is an encoding, not encryption);
                // malformed Base64 is rejected instead of throwing
                string strTicket;
                try
                {
                    // UTF-8 matches the encoding the client below uses
                    strTicket = Encoding.UTF8.GetString(Convert.FromBase64String(encryptTicket));
                }
                catch (FormatException)
                {
                    return false;
                }

                // Split the ticket into user name and password at the first colon
                var index = strTicket.IndexOf(':');
                if (index < 0)
                {
                    // No "user:password" separator
                    return false;
                }
                string strUser = strTicket.Substring(0, index);
                string strPwd = strTicket.Substring(index + 1);

                // Demo credentials only
                return strUser == "admin" && strPwd == "123456";
            }
        }
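
    The ValidateTicket step above with the hardcoded string comparison replaced by a salted PBKDF2 check and a constant-time compare, as an added example that is not part of the original post. BasicCredentialValidator, the in-memory Store (standing in for the database) and the iteration count are assumptions; the four-argument Rfc2898DeriveBytes constructor requires .NET Framework 4.7.2 or later.

    ```csharp
    using System;
    using System.Collections.Generic;
    using System.Security.Cryptography;
    using System.Text;

    // Added example with hypothetical names; a hardened stand-in for ValidateTicket.
    public static class BasicCredentialValidator
    {
        private const int Iterations = 100000; // assumption: tune to your hardware
        // Strict UTF-8: invalid byte sequences throw instead of being silently replaced.
        private static readonly Encoding StrictUtf8 = new UTF8Encoding(false, true);
        // Constructed sample store standing in for the database: user -> (salt, hash).
        private static readonly Dictionary<string, Tuple<byte[], byte[]>> Store = Seed();

        private static Dictionary<string, Tuple<byte[], byte[]>> Seed()
        {
            var salt = new byte[16];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            var store = new Dictionary<string, Tuple<byte[], byte[]>>();
            store["admin"] = Tuple.Create(salt, Derive("123456", salt)); // the page's demo account
            return store;
        }
        private static byte[] Derive(string password, byte[] salt)
        {
            using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                return kdf.GetBytes(32);
        }
        public static bool Validate(string parameter)
        {
            string ticket;
            try { ticket = StrictUtf8.GetString(Convert.FromBase64String(parameter)); }
            catch (FormatException) { return false; }   // not valid Base64
            catch (ArgumentException) { return false; } // null, or not valid UTF-8
            int index = ticket.IndexOf(':');
            if (index < 0) return false;                // no "user:password" separator
            string user = ticket.Substring(0, index), password = ticket.Substring(index + 1);
            Tuple<byte[], byte[]> record;
            bool known = Store.TryGetValue(user, out record);
            // Unknown users still cost one derivation, so timing does not reveal valid names.
            byte[] actual = Derive(password, known ? record.Item1 : new byte[16]);
            return FixedTimeEquals(actual, known ? record.Item2 : new byte[32]) & known;
        }
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
    ```

    In the attribute, ValidateTicket(encryptTicket) would then return BasicCredentialValidator.Validate(encryptTicket).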

    2. Add the HttpBasicAuthAttribute class attribute to each Controller class that requires authentication, or to a shared base class.

        using System.Web.Http;

        [HttpBasicAuth]
        public class BaseController : ApiController
        {
            private string _adminUserToken = "";

            /// <summary>
            /// Admin User Token
            /// </summary>
            public string AdminUserToken
            {
                get { return _adminUserToken; }
                set { _adminUserToken = value; }
            }
        }

    3. This completes the server-side setup.

    4. Calling it with Postman:

    5. Calling it from ASP.NET:

        using System;
        using System.Net.Http;
        using System.Net.Http.Headers;
        using System.Text;

        string Username = "admin";
        string Password = "123456";
        using (HttpClient client = new HttpClient())
        {
            // Basic credentials are Base64("user:password"); they are only encoded, so send them over HTTPS
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes($"{Username}:{Password}")));

            HttpContent httpContent = new StringContent("", Encoding.UTF8);
            httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            Uri address = new Uri("https://xxx/api/issues");

            // Response body returned by the API
            var response = client.PostAsync(address, httpContent).Result.Content.ReadAsStringAsync().Result;
        }

    6. Returned result:

    [Original source] http://www.51aras.com/?id=39

      

  • Original article: https://www.cnblogs.com/61007257Steven/p/11717880.html