zoukankan      html  css  js  c++  java
  • asp.net web api 权限验证的方法

    思路:客户端使用header或者form讲验证信息传入api,在权限验证过滤中进行处理,代码示例:

    定义过滤器

     public class ApiFilter1 : System.Web.Http.AuthorizeAttribute
        {
           
            protected override bool IsAuthorized(HttpActionContext actionContext)
            {
                var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
                //var userName = content.Request.Headers["loginName"];
                   
    
                var user = content.Request.Form["userName"];
                var password = content.Request.Form["password"];
                //return base.IsAuthorized(actionContext);
                //return userName == "wilson" && password == "123";
                return base.IsAuthorized(actionContext);
            }
    
            //public override void OnAuthorization(HttpActionContext actionContext)
            //{
            //    var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
            //    var UserName = content.Request.Form["UserName"];
    
            //    //base.OnAuthorization(actionContext);
            //}
    
            protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
            {
                base.HandleUnauthorizedRequest(actionContext);
            }
        }

    定义api方法

     [HttpPost]
            [ApiFilter1]
            public string GetUserById2(InputPara val)
            {
                return JsonConvert.SerializeObject(val);
            }

    ajax客户端调用示例

      function testAjax() {
            $.ajax({
                headers:{"loginName": "wilson", "password": "1234"},
                type: "post",
                url: "/api/user/GetUserById2",
                data: { "userName": "wilson", "password": "1234" },
                success: function (data) {
                    alert(JSON.stringify(data));
                }
            });
    
        }
    var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
    /*
    * 使用流写入的数据无法通过Form参数获取,只能通过流读取
    */
    using (MemoryStream ms = new MemoryStream())
    {
    content.Request.InputStream.CopyTo(ms);
    byte[] paraContent = ms.ToArray();
    Encoding encoding = Encoding.UTF8;
    string val = encoding.GetString(paraContent);
    }
  • 相关阅读:
    T-SQL语句操作数据库——基本操作
    HTML——CSS基础
    HTML基础——表格的应用
    HTML基础——基础标签
    AJAX
    aspnetcore-developer-roadmap
    【.Net Core】DotNet CLI command (使用命令创建Controller、View等)
    Unrecognized header format %
    【C#】学习笔记(3) 关于Events使用的小Demo
    数组常用方法(一)
  • 原文地址:https://www.cnblogs.com/weiweictgu/p/7102330.html
Copyright © 2011-2022 走看看