asp.net web api添加自定义认证
1、定义认证失败结果生成器
/// <summary> /// 认证失败结果生成器 /// </summary> public class AuthenticationFailureResult : IHttpActionResult { public AuthenticationFailureResult(string reasonPhrase, HttpRequestMessage request) { ReasonPhrase = reasonPhrase; Request = request; } public string ReasonPhrase { get; private set; } public HttpRequestMessage Request { get; private set; } public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken) { return Task.FromResult(Execute()); } private HttpResponseMessage Execute() { return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, this.ReasonPhrase); } }
2、定义自定义认证过滤器(基于Cookie)
/// <summary> /// 自定义认证 /// </summary> public class CustomAuthenticationFilter : Attribute, IAuthenticationFilter { public virtual bool AllowMultiple { get { return false; } } public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken) { var principal = await this.AuthenticateAsync(context.Request); if (principal == null) { context.Request.Headers.GetCookies().Clear(); context.ErrorResult = new AuthenticationFailureResult("未授权请求", context.Request); } else { context.Principal = principal; } } public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken) { return Task.FromResult(0); } private Task<IPrincipal> AuthenticateAsync(HttpRequestMessage request) { return Task.Run<IPrincipal>(() => { CookieHeaderValue cookieMobile = request.Headers.GetCookies("clientMobile").FirstOrDefault(), cookieToken = request.Headers.GetCookies("clientToken").FirstOrDefault(); if (cookieMobile == null || cookieToken == null || string.IsNullOrWhiteSpace(cookieMobile["clientMobile"].Value) || string.IsNullOrWhiteSpace(cookieToken["clientToken"].Value)) { return null; } string mobile = cookieMobile["clientMobile"].Value, token = cookieToken["clientToken"].Value; ClientDTO client = null;
//此处从Redis服务器中取出指定用户,各位可以根据需要自行更换 using (ICache cache = ObjectContainer.Current.Resolve<ICacheFactory>().CreateCache()) { client = cache.Get<ClientDTO>(RedisTables.CLIENT, mobile); }
//验证用户合法性,如果合法,构建声明式安全主题权限模式并返回,若用户验证不通过返回空 if (client != null && string.Equals(token, Md5Helper.MD5(string.Format("{0}{1}", mobile, client.MsgCode), 32), StringComparison.Ordinal)) { IEnumerable<Claim> claims = new List<Claim>() { new Claim(ClaimTypes.Name, mobile) }; var identity = new ClaimsIdentity("LoanCookie"); identity.AddClaims(claims); return new ClaimsPrincipal(identity); } return null; }); } }
3、将认证特性标记应用于全局、控制器或控制器操作,以控制器操作为例:
分类:
WebAPI
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 如何编写易于单元测试的代码
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 周边上新:园子的第一款马克杯温暖上架
· Open-Sora 2.0 重磅开源!
· 分享 3 个 .NET 开源的文件压缩处理库,助力快速实现文件压缩解压功能!
· Ollama——大语言模型本地部署的极速利器
· DeepSeek如何颠覆传统软件测试?测试工程师会被淘汰吗?