  • Asp.Net Web Api 身份验证之Form验证

    1、原理:使用 ActionFilterAttribute 拦截请求,取出 Forms 验证 Cookie 并解密得到票据(ticket);解密成功后还应检查票据是否已过期。登录时则把用户信息加密成票据并保存在 Cookie 中。

    自定义身份验证特性

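    /// <summary>
    /// Action filter that lets a request through only when it carries a Forms
    /// Authentication cookie that decrypts to a ticket which has not expired.
    /// Actions marked with <see cref="AllowAnonymousAttribute"/> are not checked.
    /// </summary>
    /// <remarks>
    /// Every rejection is answered with 403 Forbidden, as in the original code.
    /// NOTE(review): 401 Unauthorized is the conventional status for a missing or
    /// invalid credential, and an authorization filter runs earlier in the Web API
    /// pipeline than an action filter; confirm with the API's clients before
    /// changing either.
    /// NOTE(review): only the action is inspected for [AllowAnonymous]; an
    /// attribute placed on the controller class is not honoured here.
    /// </remarks>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class FormAuthAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Validates the Forms Authentication ticket before the action executes.
        /// </summary>
        /// <param name="actionContext">Context of the action about to run; its
        /// Response is set to 403 when the request is rejected.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            try
            {
                // Actions that explicitly allow anonymous access skip the ticket check.
                if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)
                {
                    base.OnActionExecuting(actionContext);
                    return;
                }

                FormsAuthenticationTicket ticket = FindTicket(actionContext);

                // Decrypt() does not enforce the ticket lifetime, so the expiry has to be
                // checked here; otherwise a captured cookie would be accepted indefinitely.
                if (ticket == null || ticket.Expired)
                {
                    Reject(actionContext);
                    return;
                }

                // TODO: add further checks (for example, that ticket.Name still maps to an active account).

                base.OnActionExecuting(actionContext);
            }
            catch
            {
                // Fail closed: a cookie that cannot be decrypted or validated makes
                // Decrypt() throw, and any such failure is treated as "not authenticated".
                Reject(actionContext);
            }
        }

        // Returns the decrypted ticket from the first cookie named after the Forms
        // cookie, or null when the request carries no such cookie.
        private static FormsAuthenticationTicket FindTicket(HttpActionContext actionContext)
        {
            var cookieHeaders = actionContext.Request.Headers.GetCookies();
            if (cookieHeaders == null || cookieHeaders.Count < 1)
            {
                return null;
            }

            // A request may carry more than one Cookie header, so look through all of
            // them rather than only the first.
            foreach (var header in cookieHeaders)
            {
                foreach (var perCookie in header.Cookies)
                {
                    if (perCookie.Name == FormsAuthentication.FormsCookieName)
                    {
                        return FormsAuthentication.Decrypt(perCookie.Value);
                    }
                }
            }

            return null;
        }

        // Short-circuits the pipeline with the status this filter has always used.
        private static void Reject(HttpActionContext actionContext)
        {
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
        }
    }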

    登录验证API

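            /// <summary>
            /// Checks the submitted credentials and, on success, issues the Forms
            /// Authentication cookie.
            /// </summary>
            /// <param name="model">Login form posted in the request body.</param>
            /// <returns>
            /// 200 OK on success, 400 Bad Request when no body was bound, and
            /// 404 Not Found when the credentials do not match (status kept from the
            /// original; NOTE(review): 401 is the conventional answer for a failed login).
            /// </returns>
            [Route("Login")]
            [AllowAnonymous]
            public IHttpActionResult Login([FromBody]LoginModel model)
            {
                // [FromBody] binding yields null for an empty or unparseable body;
                // answer with 400 instead of failing with a NullReferenceException.
                if (model == null)
                {
                    return BadRequest();
                }

                // SECURITY(review): the hard-coded account is demo scaffolding only. Real code
                // must verify the password against a salted, slow hash (e.g. PBKDF2) from a
                // user store and should throttle repeated failures.
                // The static string.Equals treats a missing field as a mismatch, not a crash.
                bool credentialsMatch =
                    string.Equals(model.UserName, "admin", StringComparison.Ordinal) &&
                    string.Equals(model.PassWord, "123456", StringComparison.Ordinal);

                if (!credentialsMatch)
                {
                    return NotFound();
                }

                // Session-only auth cookie (createPersistentCookie = false).
                FormsAuthentication.SetAuthCookie(model.UserName, false);

                if (model.IsRememberMe)
                {
                    // Convenience cookie that only remembers the user name. It is plain text
                    // and client-controlled, so it must never be used to identify the caller.
                    HttpContext.Current.Response.SetCookie(new HttpCookie("UserName", model.UserName) { Expires = DateTime.Now.AddDays(7) });
                }

                return Ok();
            }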

    对需要登录才能访问的Api添加 [FormAuth]特性。

  • 原文地址:https://www.cnblogs.com/CanFly/p/4308983.html