利用DelegatingHandler实现Web Api 的Api key校验

客户端在请求Web Api时可以有以下两种方式提供API key

  • 基于Querystring提供Api key(注意:URL 中的 key 容易被记录到服务器日志、浏览器历史和 Referer 中,实际部署时建议优先使用请求头并配合 HTTPS)

http://localhost:57967/Api/Values?key=12345

  • 基于Request header提供API key
// Point the client at the API and ask for JSON responses only.
client.BaseAddress = new Uri(url);
var acceptHeaders = client.DefaultRequestHeaders.Accept;
acceptHeaders.Clear();
acceptHeaders.Add(new MediaTypeWithQualityHeaderValue("application/json"));

// Attach the API key to every request sent by this client.
// "00000" is a sample value; the route registration later in this article
// configures the handler with "12345", so this request would be answered
// with 403 unless the two values are made to match.
// The header travels in clear text unless `url` is an https:// address, and a
// real key belongs in protected configuration rather than in source.
client.DefaultRequestHeaders.Add("X-ApiKey","00000");

编写ApiKeyHandler

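 /// <summary>
 /// Message handler that only lets a request reach the controllers when its
 /// X-ApiKey header matches the configured key; every other request is
 /// answered with 403 Forbidden.
 /// </summary>
 public class ApiKeyHandler : DelegatingHandler
    {
        /// <summary>The API key that incoming requests must present.</summary>
        public string Key { get; set; }

        /// <summary>
        /// Creates the handler for use as a per-route message handler.
        /// </summary>
        /// <param name="key">Expected API key. A null or empty key makes the handler reject every request.</param>
        /// <param name="httpConfiguration">Configuration used to build the controller dispatcher.</param>
        public ApiKeyHandler(string key,HttpConfiguration httpConfiguration)
        {
            this.Key = key;
            // Requests that pass validation are forwarded to this dispatcher,
            // which this handler sets as its own inner handler.
            InnerHandler = new HttpControllerDispatcher(httpConfiguration);
        }

        /// <summary>
        /// Short-circuits with 403 Forbidden when the key check fails, otherwise
        /// forwards the request to the inner handler.
        /// </summary>
        protected override Task<HttpResponseMessage> SendAsync(
            HttpRequestMessage request, CancellationToken cancellationToken)
        {
            if (!ValidateKey(request))
            {
                // Build an already-completed task so the rejected request never
                // reaches the inner handler.
                var response = new HttpResponseMessage(HttpStatusCode.Forbidden);
                var tcs = new TaskCompletionSource<HttpResponseMessage>();
                tcs.SetResult(response);
                return tcs.Task;
            }
            return base.SendAsync(request, cancellationToken);
        }

        /// <summary>
        /// Checks the X-ApiKey request header against <see cref="Key"/>.
        /// </summary>
        /// <returns>True only when a key is configured and the header carries exactly that value.</returns>
        private bool ValidateKey(HttpRequestMessage message)
        {
            // Fail closed: without a configured key an empty header value must
            // not be accepted as a match.
            if (string.IsNullOrEmpty(this.Key))
            {
                return false;
            }

            IEnumerable<string> apiKeyHeaderValues;
            if (!message.Headers.TryGetValues("X-ApiKey", out apiKeyHeaderValues))
            {
                // Query-string alternative from the article, left disabled.
                // A key carried in the URL tends to end up in server logs,
                // browser history and Referer headers; if this path is enabled,
                // compare with FixedTimeEquals as well.
                /*
                var query = message.RequestUri.ParseQueryString();
                string key = query["key"];
                return (key == this.Key);
                */
                return false;
            }

            // Only the first X-ApiKey value is considered when several are sent.
            var apiKeyHeaderValue = apiKeyHeaderValues.FirstOrDefault();
            if (apiKeyHeaderValue == null)
            {
                return false;
            }

            if (!FixedTimeEquals(this.Key, apiKeyHeaderValue))
            {
                return false;
            }

            // ... your authentication logic here ...
            // Example (disabled): attach an identity once the key has been accepted.
            /*
            var username = (apiKeyHeaderValue == "00000" ? "Maarten" : "OtherUser");

            var usernameClaim = new Claim(ClaimTypes.Name, username);
            var identity = new ClaimsIdentity(new[] { usernameClaim }, "ApiKey");
            var principal = new ClaimsPrincipal(identity);

            Thread.CurrentPrincipal = principal;
            */
            return true;
        }

        /// <summary>
        /// Compares two strings without stopping at the first mismatch, so the
        /// response time does not reveal how many leading characters were right.
        /// </summary>
        /// <param name="expected">The configured secret; must be non-empty.</param>
        /// <param name="supplied">The value presented by the caller.</param>
        private static bool FixedTimeEquals(string expected, string supplied)
        {
            // A length mismatch is folded into the result instead of returning
            // early. The loop runs over the caller-supplied length, so the work
            // done does not depend on the length of the secret.
            int difference = expected.Length ^ supplied.Length;
            for (int i = 0; i < supplied.Length; i++)
            {
                difference |= expected[i % expected.Length] ^ supplied[i];
            }
            return difference == 0;
        }
    }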

配置到特定的路由上去

           // Per-route handler: only requests matched by this route go through
           // ApiKeyHandler. Any other route registered without the handler is
           // not covered by the key check.
           // "12345" is the article's sample key; a real key should come from
           // protected configuration rather than being compiled into the source.
           // NOTE(review): the handler receives GlobalConfiguration.Configuration
           // while the route is added to `config` - presumably the same object; confirm.
           var apiKeyHandler = new ApiKeyHandler("12345", GlobalConfiguration.Configuration);

           config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional },
                constraints: null,
                handler: apiKeyHandler);
posted @   代码闪亮  阅读(3698)  评论(1编辑  收藏  举报