webapi添加basic认证

2021-01-23 10:15

阅读：575

标签：div 调用方法 override ide msi count conf abs

BasicAbstractAuthorize：抽象类，子类中校验用户名密码，并创建Principal　

BasicAuthorize：实现类

    //base.OnAuthorization()，此方法内部，调用IsAuthorized()判断是否授权，如果未授权调用HandleUnauthorizedRequest()方法
    //base.IsAuthorized(),判断Principal、Identity是否为空，为空则未授权
    //base.HandleUnauthorizedRequest()，此方法内部创建Response，状态码401；
    //
    public abstract class BasicAbstractAuthorize : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {

            var authenticationHeader = actionContext.Request.Headers.Authorization;

            if (actionContext.ActionDescriptor.GetCustomAttributes(true).Count > 0
                || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes(true).Count > 0)
            {//如果有AllowAnonymous特性，就不检查
                base.OnAuthorization(actionContext);
            }
            else
            {
                if (authenticationHeader != null && authenticationHeader.Scheme == "Basic" && !string.IsNullOrEmpty(authenticationHeader.Parameter))
                {
                    var userNameAndPassword = this.GetUserNameAndPassword(authenticationHeader.Parameter);
                    actionContext.RequestContext.Principal = this.Authenticate(userNameAndPassword.Item1, userNameAndPassword.Item2, actionContext);
                }
                if (actionContext.RequestContext.Principal == null)
                {
                    base.HandleUnauthorizedRequest(actionContext);
                }
            }

        }
        /// 
        /// 校验用户名、密码
        /// 
        /// 
        public abstract IPrincipal Authenticate(string userName, string password, HttpActionContext actionContext);
        /// 
        /// 获取用户名、密码
        /// 
        /// 
        /// 
        private Tuplestring, string> GetUserNameAndPassword(string authenticationParameter)
        {
            if (!string.IsNullOrWhiteSpace(authenticationParameter))
            {
                var data = Encoding.ASCII.GetString(Convert.FromBase64String(authenticationParameter)).Split(‘:‘);
                return new Tuplestring, string>(data[0], data[1]);
            }
            return null;
        }
    }

    public class BasicAuthorize : BasicAbstractAuthorize
    {
        public override IPrincipal Authenticate(string userName, string password, HttpActionContext actionContext)
        {
            //校验用户名、密码
            if (userName == "zhangsan" && password == "123")
            {
                ClaimsIdentity identity = new ClaimsIdentity(new List {
                    new Claim("UserName",userName)
                });
                ClaimsPrincipal principal = new ClaimsPrincipal(identity);
                return principal;
            }
            return null;

        }
    }

添加Filter

        public static void Register(HttpConfiguration config)
        {
            // Web API 配置和服务
            RegisterFilters(config.Filters);
        }
        public static void RegisterFilters(HttpFilterCollection filters)
        {
            filters.Add(new BasicAuthorize());
        }

webapi添加basic认证

标签：div 调用方法 override ide msi count conf abs

原文地址：https://www.cnblogs.com/fanfan-90/p/12074607.html

上一篇：React-Redux常见API

下一篇：Can't generate API documentation in l5-swagger

文章来自：搜素材网的编程语言模块，转载请注明文章出处。
文章标题：webapi添加basic认证
文章链接：http://soscw.com/index.php/essay/45844.html

亲，登录后才可以留言！

webapi添加basic认证

评论

热门文章

推荐文章

最新文章

置顶文章