WebApi 通过AuthorizationFilterAttribute 替代 AuthenticateAttribute 实现账号权限管控
AuthorizationFilterAttribute 判定逻辑 重写在 OnAuthorization 里面
获取请求验证的头信息（Authorization 头）
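using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

namespace Client
{
    /// <summary>
    /// Console client for the WebApi demo: calls the demo endpoint and, when the server
    /// answers 401 with a Basic challenge, prompts for credentials and retries once.
    /// </summary>
    class Program
    {
        // Demo endpoint. Over plain http:// the Basic credentials travel base64-encoded,
        // not encrypted; anything beyond local testing must use https://.
        private const string DemoUrl = "http://localhost:3721/api/demo";

        static void Main(string[] args)
        {
            // HttpClient is IDisposable; release it when the program ends.
            using (HttpClient client = new HttpClient())
            {
                // A console app has no synchronization context, so a blocking wait cannot deadlock;
                // GetAwaiter().GetResult() surfaces the real exception instead of an AggregateException.
                HttpResponseMessage response = client.GetAsync(DemoUrl).GetAwaiter().GetResult();
                if (response.StatusCode == HttpStatusCode.Unauthorized)
                {
                    Console.WriteLine("认证失败");
                    AuthenticationHeaderValue challenge = response.Headers.WwwAuthenticate.FirstOrDefault();
                    // Auth scheme names are case-insensitive (RFC 7235), so do not compare with ==.
                    if (challenge != null && string.Equals(challenge.Scheme, "Basic", StringComparison.OrdinalIgnoreCase))
                    {
                        string userName = ReadPrompt("输入用户名:");
                        // NOTE: Console.ReadLine echoes the password on screen; fine for a demo only.
                        string password = ReadPrompt("输入密码:");
                        // RFC 7617 credential form "user-id:password". UTF-8 instead of Encoding.Default so
                        // the bytes do not depend on the local ANSI code page; the server must decode the same way.
                        byte[] credential = Encoding.UTF8.GetBytes(string.Format("{0}:{1}", userName, password));
                        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(credential));
                        response = client.GetAsync(DemoUrl).GetAwaiter().GetResult();
                        if (response.IsSuccessStatusCode)
                        {
                            string result = response.Content.ReadAsAsync<string>().GetAwaiter().GetResult();
                            Console.WriteLine(result);
                        }
                        else
                        {
                            // The retry can still be rejected (wrong password); report the status
                            // instead of trying to deserialize an error body as a string.
                            Console.WriteLine("HTTP " + (int)response.StatusCode + " " + response.ReasonPhrase);
                        }
                    }
                }
                Console.ReadLine();
            }
        }

        /// <summary>
        /// Writes <paramref name="prompt"/> and returns the trimmed line the user typed.
        /// </summary>
        /// <param name="prompt">Text shown before reading.</param>
        /// <returns>The trimmed input, or an empty string when stdin is closed (ReadLine returns null).</returns>
        private static string ReadPrompt(string prompt)
        {
            Console.Write(prompt);
            return (Console.ReadLine() ?? string.Empty).Trim();
        }
    }
}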
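using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Http.Results;

namespace WebApi
{
    /// <summary>
    /// Authorization filter implementing HTTP Basic authentication (RFC 7617) against a
    /// fixed in-memory account table. A request without valid credentials is short-circuited
    /// with 401 and a <c>WWW-Authenticate: Basic realm="..."</c> challenge.
    /// </summary>
    public class AuthenticateAttribute : AuthorizationFilterAttribute
    {
        // Demo account table. Passwords are held in clear text, which is acceptable only for
        // this sample; a real store keeps salted password hashes and compares against those.
        private static readonly Dictionary<string, string> userAccounters;

        static AuthenticateAttribute()
        {
            // User names are matched case-insensitively.
            userAccounters = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
            userAccounters.Add("Foo", "Password");
            userAccounters.Add("Bar", "Password");
            userAccounters.Add("Baz", "Password");
        }

        /// <summary>
        /// Authenticates the request from its Authorization header. On success the principal
        /// is attached to the request and the action runs; otherwise a 401 challenge is returned.
        /// </summary>
        /// <param name="actionContext">The action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            string userName;
            if (TryAuthenticate(actionContext.Request.Headers.Authorization, out userName))
            {
                GenericIdentity identity = new GenericIdentity(userName);
                GenericPrincipal principal = new GenericPrincipal(identity, new string[0]);
                // Web API reads the caller's identity from the request context. HttpContext.Current
                // is only populated under System.Web (IIS) hosting and is null when self-hosted,
                // so dereferencing it unconditionally would throw there.
                actionContext.RequestContext.Principal = principal;
                if (HttpContext.Current != null)
                {
                    HttpContext.Current.User = principal;
                }
                return;
            }

            HttpResponseMessage response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            string parameter = string.Format("realm=\"{0}\"", actionContext.Request.RequestUri.DnsSafeHost);
            AuthenticationHeaderValue challenge = new AuthenticationHeaderValue("Basic", parameter);
            response.Headers.WwwAuthenticate.Add(challenge);
            actionContext.Response = response;
        }

        /// <summary>
        /// Validates a Basic Authorization header against the account table.
        /// </summary>
        /// <param name="headerValue">The request's Authorization header, or null when absent.</param>
        /// <param name="userName">The user name as submitted by the client on success; null otherwise.</param>
        /// <returns>true when the scheme is Basic and the credentials match a known account.</returns>
        private static bool TryAuthenticate(AuthenticationHeaderValue headerValue, out string userName)
        {
            userName = null;
            // Scheme names are case-insensitive (RFC 7235); Parameter is null for a bare "Authorization: Basic".
            if (headerValue == null
                || !string.Equals(headerValue.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                || headerValue.Parameter == null)
            {
                return false;
            }

            byte[] raw;
            try
            {
                raw = Convert.FromBase64String(headerValue.Parameter);
            }
            catch (FormatException)
            {
                // Malformed base64 sent by the client is an authentication failure (401), not a 500.
                return false;
            }

            // RFC 7617: "user-id:password", decoded as UTF-8 rather than the server's ANSI code page.
            // Split on the first colon only: user-ids cannot contain ':' but passwords may.
            string credential = Encoding.UTF8.GetString(raw);
            string[] split = credential.Split(new[] { ':' }, 2);
            if (split.Length != 2)
            {
                return false;
            }

            string expected;
            if (!userAccounters.TryGetValue(split[0], out expected) || !FixedTimeEquals(expected, split[1]))
            {
                return false;
            }

            userName = split[0];
            return true;
        }

        /// <summary>
        /// Compares two strings in time that depends on the expected value's length rather than
        /// on the position of the first mismatch, so response timing does not reveal how much of
        /// the password was correct.
        /// </summary>
        /// <param name="expected">The stored value.</param>
        /// <param name="actual">The value supplied by the client.</param>
        /// <returns>true when both strings are equal ordinal-wise.</returns>
        private static bool FixedTimeEquals(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return false;
            }
            if (actual.Length == 0)
            {
                return expected.Length == 0;
            }

            // Always walk the whole expected value; index actual modulo its length so an
            // out-of-range index cannot end the loop early.
            int diff = expected.Length ^ actual.Length;
            for (int i = 0; i < expected.Length; i++)
            {
                diff |= expected[i] ^ actual[i % actual.Length];
            }
            return diff == 0;
        }
    }
}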
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;

namespace WebApi.Controllers
{
    /// <summary>
    /// Demo endpoint for the Basic-authentication sample. The class-level
    /// <c>[Authenticate]</c> filter runs before any action on this controller.
    /// </summary>
    [Authenticate]
    public class DemoController : ApiController
    {
        // Text returned to a caller that passed the authentication filter.
        private const string SuccessMessage = "成功调用!";

        /// <summary>
        /// Handles GET and returns a fixed confirmation message.
        /// </summary>
        /// <returns>The confirmation text.</returns>
        public string Get()
        {
            return SuccessMessage;
        }
    }
}