WebApi的调用-3.Basic验证
webapi里的特性
/// <summary>
/// Basic验证
/// </summary>
/// <remarks>
///
/// </remarks>
public class BasicAuthorizeAttibute : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
var authorization = actionContext.Request.Headers.Authorization; //HTTP标头的Authorization值
//ActionDescriptor方法上,ActionDescriptor.ControllerDescriptor 类上
//有[AllowAnonymousAttribute] 的情况下
if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
|| actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0)
{
base.OnAuthorization(actionContext);
}
else if (authorization != null && authorization.Parameter != null)
{
//用户逻辑验证
if (ValidateTicket(authorization.Parameter))
{
base.IsAuthorized(actionContext);
}
else
{
this.HandleUnauthorizedRequest(actionContext);
}
}
else
{
this.HandleUnauthorizedRequest(actionContext);
}
}
/// <summary>
/// 验证用户逻辑
/// </summary>
/// <param name="encryptTicket" type="string">
///
/// </param>
///
private bool ValidateTicket(string encryptTicket)
{
// var strTicket = FormsAuthentication.Decrypt(encryptTicket.Remove(encryptTicket.Length - 1).Remove(0, 1));
var strTicket = FormsAuthentication.Decrypt(encryptTicket);
return string.Equals(strTicket.UserData, string.Format("{0}&{1}", "admin", "123"));
}
}
获取ticket
[AllowAnonymous]
[HttpGet]
public HttpResponseMessage Login(string account, string password)
{
Model.User user = new User();
if (account == "admin" && password == "123")
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(0, account, DateTime.Now,
DateTime.Now.AddHours(1), true, string.Format("{0}&{1}", account, password),
FormsAuthentication.FormsCookiePath);
return Success(user = new User() { name = account, pass = password, ticket = FormsAuthentication.Encrypt(ticket) });
}
else
{
return Msg("登录失败");
}
}
MVC里面请求头(后台请求)
public string GetApi(string method, string queryString)
{
var result = ApiHelper.Instance.RequestApi(method, queryString, GetApiHeader());
return result;
}
private WebHeaderCollection GetApiHeader()
{
string key = string.Format(GlobalVar.UserTiketCacheKey);
var result = CacheHelper.CacheReader(key);
WebHeaderCollection header = new WebHeaderCollection();
header.Add(HttpRequestHeader.Authorization, "BasicAuth " + result);
return header;
}
作者:【唐】三三
出处:https://www.cnblogs.com/tangge/p/7599281.html
版权:本作品采用「署名-非商业性使用-相同方式共享 4.0 国际」许可协议进行许可。
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具