WebApi的调用-3.Basic验证

Basic基本验证

webapi里的特性

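/// <summary>
    /// Authorization filter that accepts an encrypted Forms-authentication ticket
    /// carried in the parameter part of the HTTP <c>Authorization</c> header.
    /// </summary>
    /// <remarks>
    /// Only the header's parameter is examined; the scheme token is not checked, so this
    /// is a bearer-style ticket check rather than RFC 7617 Basic authentication.
    /// The ticket is confidential only in transit if the API is served over TLS.
    /// </remarks>
    public class BasicAuthorizeAttibute : AuthorizeAttribute
    {
        /// <summary>
        /// Allows the request when the action or controller is marked
        /// <see cref="AllowAnonymousAttribute"/> or when the Authorization header carries
        /// a valid, unexpired ticket; otherwise rejects it via
        /// <c>HandleUnauthorizedRequest</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // [AllowAnonymous] may sit on the action itself or on its controller.
            bool allowsAnonymous =
                actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
                || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0;

            if (allowsAnonymous)
            {
                // Defer to the base filter, which is expected to skip the check for anonymous actions.
                base.OnAuthorization(actionContext);
                return;
            }

            // Value of the HTTP Authorization header (null when the header is absent).
            var authorization = actionContext.Request.Headers.Authorization;

            // Fail closed: a missing header, an empty parameter or a bad ticket all end in a rejection.
            if (authorization == null
                || authorization.Parameter == null
                || !ValidateTicket(authorization.Parameter))
            {
                this.HandleUnauthorizedRequest(actionContext);
            }

            // A valid ticket leaves actionContext.Response unset so the request proceeds.
            // The earlier base.IsAuthorized(...) call was dropped: its result was discarded.
        }


        /// <summary>
        /// Decrypts the ticket and checks that it is still valid and carries the expected user data.
        /// </summary>
        /// <param name="encryptTicket">Encrypted ticket taken from the Authorization header.</param>
        /// <returns>
        /// <c>true</c> when the ticket decrypts, has not expired and its user data matches;
        /// otherwise <c>false</c>.
        /// </returns>
        private bool ValidateTicket(string encryptTicket)
        {
            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(encryptTicket);
            }
            catch (System.ArgumentException)
            {
                // Malformed or undecodable header value: treat as unauthenticated, not as a server error.
                return false;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                return false;
            }
            catch (System.Web.HttpException)
            {
                return false;
            }

            // Decrypt does not enforce the expiry itself, so it has to be checked here;
            // without this a ticket that was captured once stays usable indefinitely.
            if (ticket == null || ticket.Expired)
            {
                return false;
            }

            // NOTE(review): the expected value is a hard-coded account and password that the
            // login action also embeds in the ticket. Prefer storing only a user identifier in
            // the ticket and verifying credentials against a salted hash at login time.
            return string.Equals(ticket.UserData, string.Format("{0}&{1}", "admin", "123"));
        }
    }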

获取ticket

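        /// <summary>
        /// Issues an encrypted Forms-authentication ticket, valid for one hour, when the
        /// supplied account and password match.
        /// </summary>
        /// <param name="account">Account name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>A success response carrying the user and ticket, or a failure message.</returns>
        /// <remarks>
        /// NOTE(review): this sample has several weaknesses that should not be copied as-is.
        /// Credentials arrive as parameters of a GET action, so they can end up in URLs,
        /// server logs and proxy logs; a POST body over TLS avoids that.
        /// The account and password are hard-coded rather than checked against a salted hash.
        /// The password is placed in the ticket's user data and echoed back in the response;
        /// a ticket needs only a user identifier.
        /// These are left unchanged here because the ticket validator and the calling client
        /// depend on the current shape.
        /// </remarks>
        [AllowAnonymous]
        [HttpGet]
        public HttpResponseMessage Login(string account, string password)
        {
            if (account != "admin" || password != "123")
            {
                return Msg("登录失败");
            }

            // Read the clock once so issue time and expiry are exactly one hour apart.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                0,
                account,
                issuedAt,
                issuedAt.AddHours(1),
                true,
                string.Format("{0}&{1}", account, password),
                FormsAuthentication.FormsCookiePath);

            Model.User user = new User()
            {
                name = account,
                pass = password,
                ticket = FormsAuthentication.Encrypt(ticket)
            };
            return Success(user);
        }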

MVC里面请求头(后台请求)

/// <summary>
/// Calls the Web API from server-side code, attaching the cached ticket as the
/// Authorization header.
/// </summary>
/// <param name="method">API method to invoke, passed through to the API helper.</param>
/// <param name="queryString">Query string passed through to the API helper.</param>
/// <returns>The string returned by the API helper.</returns>
public string GetApi(string method, string queryString)
        {
            WebHeaderCollection authHeaders = GetApiHeader();
            return ApiHelper.Instance.RequestApi(method, queryString, authHeaders);
        }

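/// <summary>
/// Builds the request headers for a server-side API call, placing the cached ticket
/// in the Authorization header.
/// </summary>
/// <returns>A header collection containing only the Authorization header.</returns>
private WebHeaderCollection GetApiHeader()
        {
            // Use the cache key as-is: passing it through string.Format treated it as a
            // format string and would throw if the key ever contained '{' or '}'.
            string key = GlobalVar.UserTiketCacheKey;
            var cachedTicket = CacheHelper.CacheReader(key);

            // NOTE(review): if nothing is cached the header carries the scheme with no ticket,
            // which the API's authorization filter should reject. "BasicAuth" is a custom
            // scheme token; the value is an encrypted ticket, so send it over TLS only.
            WebHeaderCollection header = new WebHeaderCollection();
            header.Add(HttpRequestHeader.Authorization, "BasicAuth " + cachedTicket);
            return header;
        }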
