Using API Key Verification with WCF Data Service

Ron Jacobs has an article on how to do API key verification in a WCF REST service: http://blogs.msdn.com/b/rjacobs/archive/2010/06/14/how-to-do-api-key-verification-for-rest-services-in-net-4.aspx . How do you do the same in a WCF Data Service? This post shows how to verify an API key in a WCF Data Service; most of the code comes from Ron Jacobs's article.

The API key is passed as a parameter in the URL. In Ron Jacobs's WCFWebHttpLibrary.APIKeyAuthorization, the method string GetAPIKey(OperationContext operationContext) looks like this:

    // Namespaces used: System.Collections.Specialized, System.ServiceModel,
    // System.ServiceModel.Channels, System.Web
    public string GetAPIKey(OperationContext operationContext)
    {
        // Get the request message
        var request = operationContext.RequestContext.RequestMessage;
        // Get the HTTP request
        var requestProp = (HttpRequestMessageProperty)request.Properties[HttpRequestMessageProperty.Name];
        // Get the query string
        NameValueCollection queryParams =
            HttpUtility.ParseQueryString(requestProp.QueryString);

        // Look for the API key in the query string first
        string apiKey = queryParams[APIKEY];
        if (apiKey == null)
        {
            // Not in the query string: fall back to the request header
            apiKey = requestProp.Headers[APIKEY];
        }
        // Null if the key was in neither place
        return apiKey;
    }

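A WCF Data Service's OnStartProcessingRequest method is called before each request is processed. For a batch request, it is called once for the top-level batch request and then once for each operation in the batch. We can put custom verification logic in this method: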

    // Namespaces used: System.Data.Services, System.Web
    protected override void OnStartProcessingRequest(ProcessRequestArgs args)
    {
        // Look for the API key in the query string first, then in the headers
        var queryParams = HttpUtility.ParseQueryString(args.OperationContext.AbsoluteRequestUri.Query);
        string apiKey = queryParams[APIKEY];
        if (apiKey == null)
        {
            apiKey = args.OperationContext.RequestHeaders[APIKEY];
        }

        if (CheckValidAPIKey(apiKey))
        {
            base.OnStartProcessingRequest(args);
        }
        else
        {
            // DataServiceException carries an HTTP status code, so the caller
            // gets 401 rather than the generic 500 a SoapException would cause.
            throw new DataServiceException(401, "Missing or invalid API key.");
        }
    }
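
The method above calls CheckValidAPIKey without showing it. One way to write it, as an added example that is not from this post or from Ron Jacobs's library: the class name ApiKeyStore, the hashed key list and the sample keys are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical helper, not the original author's code).
static class ApiKeyStore
{
    // SHA-256 digests of issued keys, so raw keys are not kept in memory or config.
    static readonly List<byte[]> KnownKeyHashes = new List<byte[]>
    {
        Hash("00000000-0000-0000-0000-00000000000a") // constructed sample key
    };

    static byte[] Hash(string key)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(key));
    }

    // Compare every byte instead of returning at the first difference.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool CheckValidAPIKey(string apiKey)
    {
        Guid parsed;
        // Reject missing or malformed input before any lookup.
        if (apiKey == null || !Guid.TryParse(apiKey, out parsed)) return false;
        // Normalise so braced or upper-case forms hash like the stored form.
        byte[] candidate = Hash(parsed.ToString("D"));
        bool match = false;
        foreach (byte[] known in KnownKeyHashes)
            match |= FixedTimeEquals(candidate, known);
        return match;
    }

    static void Main()
    {
        // Constructed inputs: issued key in braced upper-case form, unknown key, malformed value.
        string[] samples = { "{00000000-0000-0000-0000-00000000000A}",
                             "00000000-0000-0000-0000-00000000000b", "not-a-guid" };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s, CheckValidAPIKey(s));
    }
}
```

Sending the key in a request header rather than the query string keeps it out of URLs recorded in server and proxy logs.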

On the client side, the key can be added to the request headers in the SendingRequest event:

    using System;
    using System.Linq;

    class Program
    {
        static void Main(string[] args)
        {
            Uri serviceUri = new Uri("http://localhost/ProfilesDataService");

            ServiceReference.YUPEntities service = new ServiceReference.YUPEntities(serviceUri);
            // Attach the API key to every outgoing request
            service.SendingRequest += new EventHandler<System.Data.Services.Client.SendingRequestEventArgs>(service_SendingRequest);

            var items = service.Execute<UserProfile>(new Uri("http://localhost/ProfilesDataService/GetUserProfile?username='testvip'")).ToList();
            foreach (UserProfile profile in items)
            {
                Console.WriteLine(profile.Title);
            }
        }

        static void service_SendingRequest(object sender, System.Data.Services.Client.SendingRequestEventArgs e)
        {
            // When sending the API key in the header...
            e.Request.Headers.Add("APIkey", "918704ec-4811-45b6-a169-16bae3df69a8");
        }
    }

Posted @ 2011-03-13 11:12 by 张善友