zoukankan      html  css  js  c++  java
  • asp.net mvc api auth

    一、登录

    /// <summary>
    /// 获取令牌
    /// </summary>
    /// <param name="userName">用户名</param>
    /// <param name="password">密码</param>
    /// <returns></returns>
    [HttpGet]
    public object Login(string userName, string password)
    {

    if(验证没通过)
        return Json("用户名或密码错误");
    FormsAuthenticationTicket token = new FormsAuthenticationTicket(0, userName, DateTime.Now,DateTime.Now.AddHours(1), true,userName,
    FormsAuthentication.FormsCookiePath);
    //返回登录结果、用户信息、用户验证票据信息
    var Token = FormsAuthentication.Encrypt(token);
    //将身份信息保存在Cache中,一小时之内有访问有效
    HttpRuntime.Cache.Insert(userName, Token, null, System.Web.Caching.Cache.NoAbsoluteExpiration, new TimeSpan(1,0,0), System.Web.Caching.CacheItemPriority.Default, null);

    return Json(new { token = Token });
    }

    二、api auth

    using System.Linq;
    using System.Web;
    using System.Web.Http;
    using System.Web.Http.Controllers;
    using System.Web.Security;

    public class ApiAuthAttribute : AuthorizeAttribute// ActionFilterAttribute
    {
    public override void OnAuthorization(HttpActionContext actionContext)
    {
    var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
    var token = content.Request.QueryString["Token"];
    if (!string.IsNullOrEmpty(token))
    {
    //解密用户ticket,并校验用户名密码是否匹配
    if (ValidateTicket(token))
    {
    base.IsAuthorized(actionContext);
    }
    else
    HandleUnauthorizedRequest(actionContext);

    }
    else
    HandleUnauthorizedRequest(actionContext);
    }
    private bool ValidateTicket(string encryptToken)
    {
    //解密Ticket
    var userName = FormsAuthentication.Decrypt(encryptToken).UserData;

    var token = HttpRuntime.Cache.Get(userName)?.ToString();

    if (token == null)
    {
    return false;
    }


    //对比session中的令牌
    if (token == encryptToken)
    {
    return true;
    }

    return false;

    }
    }

    三、在需要验证的地方添加[ApiAuth]

  • 相关阅读:
    simian 查找项目中的重复代码
    idea 启动 ShardingProxy
    kafka 加密通信,python-kafka 访问加密服务器
    apt-get 修改源
    短轮询、长轮询、SSE 和 WebSocket
    前端模块化:CommonJS,AMD,CMD,ES6
    Set、Weak Set、Map、Weak Map学习笔记
    博客园应该如何运营
    Vue中Route的对象参数和常用props传参
    Dapper的新实践,Dapper.Contrib的使用与扩展
  • 原文地址:https://www.cnblogs.com/catzhou/p/5972697.html
Copyright © 2011-2022 走看看