MVC—WebAPI(調用、授權)


ASP.NET MVC—WebAPI(調用、授權)

 

本系列目錄:ASP.NET MVC4入門到精通系列目錄匯總

微軟有了Webservice和WCF,為什么還要有WebAPI?

用過WCF的人應該都清楚,面對那一大堆復雜的配置文件,有時候一出問題,真的會叫人抓狂。而且供不同的客戶端調用不是很方便。不得不承認WCF的功能確實非常強大,可是有時候我們通常不需要那么復雜的功能,只需要簡單的僅通過使用Http或Https來調用的增刪改查功能,這時,WebAPI應運而生。那么什么時候考慮使用WebAPI呢?

當你遇到以下這些情況的時候,就可以考慮使用Web API了。

  • 需要Web Service但是不需要SOAP
  • 需要在已有的WCF服務基礎上建立non-soap-based http服務
  • 只想發布一些簡單的Http服務,不想使用相對復雜的WCF配置
  • 發布的服務可能會被帶寬受限的設備訪問
  • 希望使用開源框架,關鍵時候可以自己調試或者自定義一下框架

熟悉MVC的朋友可能會覺得Web API與MVC很類似。

Demo

1、新建項目,WebApi

2、新建類Product

    /// <summary>
    /// Catalogue item exchanged with the demo Web API as JSON.
    /// </summary>
    public class Product
    {
        /// <summary>Identifier looked up by GetProduct(int id).</summary>
        public int Id { get; set; }

        /// <summary>Display name.</summary>
        public string Name { get; set; }

        /// <summary>Grouping label, e.g. "Groceries".</summary>
        public string Category { get; set; }

        /// <summary>Unit price.</summary>
        public decimal Price { get; set; }
    }

3、新建控制器Products,為了演示,我這里不連接數據庫,直接在代碼中構造假數據

using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Web.Http;

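/// <summary>
/// Demo controller serving an in-memory product catalogue (no database, as the post explains).
/// </summary>
public class ProductsController : ApiController
{
    // One shared, never-reassigned sample array instead of a fresh copy per request
    // (ApiController instances are created per request).
    private static readonly Product[] products =
    {
        new Product { Id = 1, Name = "Tomato Soup", Category = "Groceries", Price = 1 },
        new Product { Id = 2, Name = "Yo-yo", Category = "Toys", Price = 3.75M },
        new Product { Id = 3, Name = "Hammer", Category = "Hardware", Price = 16.99M }
    };

    /// <summary>
    /// Returns every product (GET api/products).
    /// </summary>
    public IEnumerable<Product> GetAllProducts()
    {
        return products;
    }

    /// <summary>
    /// Returns the product with the given id (GET api/products/{id}), or 404 when none matches.
    /// </summary>
    /// <param name="id">Product identifier bound from the route.</param>
    public IHttpActionResult GetProduct(int id)
    {
        // FirstOrDefault needs System.Linq, which the original listing did not import.
        var product = products.FirstOrDefault(p => p.Id == id);
        if (product == null)
        {
            return NotFound();
        }
        return Ok(product);
    }
}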

4、新建Index.html來測試WebAPI的調用,代碼如下:

 

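<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Product App</title>
</head>
<body>

<div>
<h2>All Products</h2>
<!-- ul and p are not void elements: when served as text/html a self-closing "<ul />"
     is treated as an open tag, so the elements are closed explicitly. -->
<ul id="products"></ul>
</div>
<div>
<h2>Search by ID</h2>
<input type="text" id="prodId" size="5" />
<input type="button" value="Search" onclick="find();" />
<p id="product"></p>
</div>

<!-- Loaded over HTTPS so the script cannot be altered in transit. -->
<script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.3.min.js"></script>
<script>
// Relative URL of ProductsController (route api/{controller}/{id}).
var uri = 'api/products';

// On load: fetch all products and append one <li> per item.
$(document).ready(function () {
$.getJSON(uri)
.done(function (data) {
$.each(data, function (key, item) {
// text (not html) so server-supplied strings are never interpreted as markup.
$('<li>', { text: formatItem(item) }).appendTo($('#products'));
});
});
});

// Renders one product as "Name: $Price".
function formatItem(item) {
return item.Name + ': $' + item.Price;
}

// Fetches the product whose id was typed into #prodId and shows it in #product.
function find() {
var id = $('#prodId').val();
// Escape the user-typed value so it stays a single path segment.
$.getJSON(uri + '/' + encodeURIComponent(id))
.done(function (data) {
$('#product').text(formatItem(data));
})
.fail(function (jqXHR, textStatus, err) {
$('#product').text('Error: ' + err);
});
}
</script>
</body>
</html>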


運行結果如下:

WebAPI授權

1、新建授權過濾器類APIAuthorizeAttribute.cs

/* ==============================================================================
* 功能描述:APIAuthorizeAttribute
* 創 建 者:Zouqj
* 創建日期:2015/11/3 11:37:45
==============================================================================*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.Http.Filters;
using Uuch.HP.WebAPI.Helper;

namespace Uuch.HP.WebAPI.Filter
{
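/// <summary>
/// Web API authorization filter: lets already-authenticated principals (e.g. forms
/// authentication) through, otherwise requires HTTP Basic credentials validated by
/// <see cref="APIAuthorizeInfoValidate.ValidateApi"/>; anything else gets 401.
/// </summary>
public class APIAuthorizeAttribute : AuthorizationFilterAttribute
{
    // RFC 7617 challenge. The original value ("Basic Scheme='eLearning' location='...'")
    // is not a valid Basic challenge because it lacks the realm parameter.
    private const string BasicChallenge = "Basic realm=\"eLearning\"";

    /// <summary>
    /// Runs before the action; sets the thread principal on success or short-circuits
    /// the request with 401 on failure.
    /// </summary>
    /// <param name="actionContext">Context of the action about to execute.</param>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // Already authenticated by another mechanism (e.g. forms authentication): skip Basic.
        var principal = Thread.CurrentPrincipal;
        if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated)
        {
            return;
        }

        var authHeader = actionContext.Request.Headers.Authorization;

        if (authHeader != null
            && authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase)
            && !String.IsNullOrWhiteSpace(authHeader.Parameter))
        {
            // A malformed header (bad Base64, missing ':') is an authentication failure,
            // not a 500 from IndexOutOfRange/FormatException.
            var credArray = GetCredentials(authHeader);
            if (credArray != null)
            {
                var userName = credArray[0];
                var key = credArray[1];
                // NOTE(review): UserHostAddress is the immediate peer; behind a reverse proxy
                // or load balancer this is the proxy's address, not the caller's.
                string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                //if (IsResourceOwner(userName, actionContext))
                //{
                // WebSecurity or the ASP.NET membership provider could be used here; to keep
                // the example simple the post validates against its own config (user/key/IP list).
                if (APIAuthorizeInfoValidate.ValidateApi(userName, key, ip))
                {
                    var currentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
                    Thread.CurrentPrincipal = currentPrincipal;
                    // Keep the ASP.NET pipeline's view of the user consistent when IIS-hosted.
                    if (System.Web.HttpContext.Current != null)
                    {
                        System.Web.HttpContext.Current.User = currentPrincipal;
                    }
                    return;
                }
                //}
            }
        }

        HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Decodes the Basic parameter (Base64 of "user:key") into [userName, key].
    /// </summary>
    /// <param name="authHeader">The parsed Authorization header.</param>
    /// <returns>The two parts, or null when the parameter is not valid Base64 or has no ':'.</returns>
    private string[] GetCredentials(System.Net.Http.Headers.AuthenticationHeaderValue authHeader)
    {
        byte[] decoded;
        try
        {
            decoded = Convert.FromBase64String(authHeader.Parameter);
        }
        catch (FormatException)
        {
            return null;
        }

        // UTF-8 matches what WebApiClient.SetBasicAuthorization encodes on the client side.
        var cred = Encoding.UTF8.GetString(decoded);

        // Split on the first ':' only, so a key that itself contains ':' stays intact.
        var credArray = cred.Split(new[] { ':' }, 2);
        return credArray.Length == 2 ? credArray : null;
    }

    /// <summary>
    /// True when the "userName" route value equals the authenticated user name
    /// (used by the ownership check that is commented out in OnAuthorization).
    /// </summary>
    private bool IsResourceOwner(string userName, System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        var routeData = actionContext.Request.GetRouteData();
        var resourceUserName = routeData.Values["userName"] as string;
        return resourceUserName == userName;
    }

    /// <summary>
    /// Short-circuits the request with 401 and a Basic challenge header.
    /// </summary>
    private void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        actionContext.Response.Headers.Add("WWW-Authenticate", BasicChallenge);
    }
}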
}

 

2、添加驗證方法類APIAuthorizeInfoValidate.cs

using Newtonsoft.Json;
/* ==============================================================================
* 功能描述:APIAuthorizeInfoValidate
* 創 建 者:Zouqj
* 創建日期:2015/11/3 16:26:10
==============================================================================*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Uuch.HP.WebAPI.Helper
{
/// <summary>
/// One credential entry of the ApiAuthorize configuration (a JSON array of these).
/// </summary>
public class APIAuthorizeInfo
{
    /// <summary>User name sent as the Basic-auth user.</summary>
    public string UserName { get; set; }

    /// <summary>Secret sent as the Basic-auth password.</summary>
    public string Key { get; set; }
}
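/// <summary>
/// Validates Basic-auth credentials against the configured user/key entries
/// (WebConfigHelper.ApiAuthorize, JSON) and the configured IP list (WebConfigHelper.IPs).
/// </summary>
public class APIAuthorizeInfoValidate
{
    /// <summary>
    /// True when <paramref name="ip"/> is in the configured IP list and some configured
    /// entry has exactly this <paramref name="username"/> and <paramref name="key"/>.
    /// </summary>
    /// <param name="username">User name from the Authorization header.</param>
    /// <param name="key">Secret from the Authorization header.</param>
    /// <param name="ip">Caller address as seen by the server.</param>
    public static bool ValidateApi(string username, string key, string ip)
    {
        if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(key) || string.IsNullOrEmpty(ip))
        {
            return false;
        }

        var entries = JsonConvert.DeserializeObject<List<APIAuthorizeInfo>>(WebConfigHelper.ApiAuthorize);
        if (entries == null || entries.Count == 0)
        {
            return false;
        }

        // Split handles the no-comma case by itself (one element); trimming tolerates "a, b".
        var ips = (WebConfigHelper.IPs ?? string.Empty)
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(s => s.Trim())
            .ToArray();
        if (!ips.Contains(ip))
        {
            return false;
        }

        // Compare the key in fixed time and check every entry rather than returning on the
        // first hit, so response time does not reveal which user names are configured.
        bool matched = false;
        foreach (var entry in entries)
        {
            bool userMatches = entry.UserName == username;
            bool keyMatches = FixedTimeEquals(entry.Key, key);
            matched |= userMatches & keyMatches;
        }
        return matched;
    }

    /// <summary>
    /// Compares two strings in time that depends on their lengths but not on where they differ.
    /// </summary>
    private static bool FixedTimeEquals(string expected, string actual)
    {
        if (expected == null || actual == null)
        {
            return false;
        }
        int diff = expected.Length ^ actual.Length;
        int n = Math.Min(expected.Length, actual.Length);
        for (int i = 0; i < n; i++)
        {
            diff |= expected[i] ^ actual[i];
        }
        return diff == 0;
    }
}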
}

3、把授權過濾器添加到全局過濾器中,這里要注意了,不要添加到FilterConfig.cs,而要添加到WebApiConfig.cs,因為FilterConfig是MVC用的,我們這里是WebAPI。

    /// <summary>
    /// Web API startup configuration: the default route plus the global authorization filter.
    /// (Web API filters are registered here, not in the MVC FilterConfig.)
    /// </summary>
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // Convention route api/{controller}/{id}; id may be omitted.
            var routes = config.Routes;
            routes.MapHttpRoute(
                "DefaultApi",
                "api/{controller}/{id}",
                new { id = RouteParameter.Optional });

            // A global filter applies to every API action.
            var filters = config.Filters;
            filters.Add(new APIAuthorizeAttribute());
        }
    }

使用C#來調用WebAPI

以下用到的幾個類,已經被我封裝好了,可以直接使用。

1、新建webAPI站點,然后新建控制器RProducts

  /// <summary>
  /// Receipt-record callback endpoint for registered products.
  /// </summary>
  public class RProductsController : ApiController
    {
        /// <summary>
        /// PUT api/RProducts: applies the receipt records in <paramref name="lst"/>.
        /// </summary>
        /// <param name="lst">Receipt records to record.</param>
        /// <returns>The value ReceiptInfo.UpdateReceiptProductInfo reports (presumably an affected-row count — confirm).</returns>
        public int Put(List<RProduct> lst)
        {
            int result = ReceiptInfo.UpdateReceiptProductInfo(lst);
            return result;
        }
    }

2、新建類WebApiClient.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using DBHelper.Entitys;

namespace DBHelper
{
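/// <summary>
/// Synchronous helpers for calling the Web API with HTTP Basic authentication.
/// Credentials come from ConfigHelper; the URL is supplied per call.
/// </summary>
/// <typeparam name="T">Entity type exchanged with the API as JSON.</typeparam>
public static class WebApiClient<T>
{
    /// <summary>
    /// Builds a client with the Accept and Authorization headers set.
    /// The caller owns the client and must dispose it (the original leaked one per call).
    /// </summary>
    private static HttpClient CreateClient()
    {
        var client = new HttpClient();
        try
        {
            SetBasicAuthorization(client);
            return client;
        }
        catch
        {
            client.Dispose();
            throw;
        }
    }

    static void SetBasicAuthorization(HttpClient client)
    {
        HttpRequestHeaders header = client.DefaultRequestHeaders;
        string user = ConfigHelper.UserName;
        string key = ConfigHelper.Key;
        // Ask for JSON responses.
        header.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

        // Basic auth is Base64, not encryption: anyone who can read the request can recover the
        // key, so the configured URL must be HTTPS outside local testing.
        // UTF-8 must match the decoding in APIAuthorizeAttribute.GetCredentials on the server.
        var data = Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + key));
        header.Authorization = new AuthenticationHeaderValue("Basic", data);
    }

    /// <summary>
    /// GET <paramref name="url"/> and deserialize the JSON array.
    /// </summary>
    /// <returns>The items; an empty list on a non-success status (also written to the console).</returns>
    public static List<T> GetAll(string url)
    {
        List<T> li = new List<T>();
        // GetAwaiter().GetResult() still blocks, but rethrows the real exception
        // instead of wrapping it in AggregateException the way .Result does.
        using (HttpClient client = CreateClient())
        using (HttpResponseMessage response = client.GetAsync(url).GetAwaiter().GetResult())
        {
            if (response.IsSuccessStatusCode)
            {
                li = response.Content.ReadAsAsync<List<T>>().GetAwaiter().GetResult() ?? li;
            }
            else
            {
                Console.WriteLine("{0} ({1})", (int)response.StatusCode, response.ReasonPhrase);
            }
        }
        return li;
    }

    /// <summary>
    /// GET <paramref name="url"/> (which already carries any filter) and deserialize one entity.
    /// </summary>
    /// <returns>The entity, or default(T) on a non-success status.</returns>
    public static T GetByFilter(string url)
    {
        T entity = default(T);
        using (HttpClient client = CreateClient())
        using (HttpResponseMessage response = client.GetAsync(url).GetAwaiter().GetResult())
        {
            if (response.IsSuccessStatusCode)
            {
                entity = response.Content.ReadAsAsync<T>().GetAwaiter().GetResult();
            }
        }
        return entity;
    }

    /// <summary>
    /// GET <paramref name="url"/>/<paramref name="id"/> and deserialize one entity.
    /// </summary>
    /// <param name="id">Identifier appended as one escaped path segment, so it cannot add segments or a query string.</param>
    /// <returns>The entity, or default(T) on a non-success status.</returns>
    public static T Get(string url, string id)
    {
        string requestUrl = string.Format("{0}/{1}", url, Uri.EscapeDataString(id ?? string.Empty));
        return GetByFilter(requestUrl);
    }

    /// <summary>PUT <paramref name="value"/> as JSON to <paramref name="url"/>.</summary>
    /// <returns>True on a success status code.</returns>
    public static bool Edit(string url, List<int> value)
    {
        return PutAsJson(url, value);
    }

    /// <summary>PUT <paramref name="dic"/> as JSON to <paramref name="url"/>.</summary>
    /// <returns>True on a success status code.</returns>
    public static bool Edit(string url, Dictionary<int, string> dic)
    {
        return PutAsJson(url, dic);
    }

    /// <summary>PUT the entities as JSON to <paramref name="url"/>.</summary>
    /// <returns>True on a success status code.</returns>
    public static bool EditModel(string url, List<T> value)
    {
        return PutAsJson(url, value);
    }

    // Shared body of the three Edit/EditModel overloads.
    private static bool PutAsJson<TBody>(string url, TBody body)
    {
        using (HttpClient client = CreateClient())
        using (HttpResponseMessage response = client.PutAsJsonAsync(url, body).GetAwaiter().GetResult())
        {
            return response.IsSuccessStatusCode;
        }
    }

    /// <summary>
    /// POST <paramref name="value"/> as JSON and deserialize the JSON array reply.
    /// </summary>
    /// <returns>The items; an empty list on a non-success status.</returns>
    public static List<TI> GetList<TI>(string url, List<int> value)
    {
        List<TI> list = new List<TI>();
        using (HttpClient client = CreateClient())
        using (HttpResponseMessage response = client.PostAsJsonAsync(url, value).GetAwaiter().GetResult())
        {
            if (response.IsSuccessStatusCode)
            {
                list = response.Content.ReadAsAsync<List<TI>>().GetAwaiter().GetResult() ?? list;
            }
        }
        return list;
    }
}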
}

using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using DBHelper.Entitys;

namespace DBHelper
{
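    /// <summary>
    /// Synchronous helpers for calling the Web API with HTTP Basic authentication.
    /// Credentials come from ConfigHelper; the URL is supplied per call.
    /// </summary>
    /// <typeparam name="T">Entity type exchanged with the API as JSON.</typeparam>
    public static class WebApiClient<T>
    {
        /// <summary>
        /// Builds a client with the Accept and Authorization headers set.
        /// The caller owns the client and must dispose it (the original leaked one per call).
        /// </summary>
        private static HttpClient CreateClient()
        {
            var client = new HttpClient();
            try
            {
                SetBasicAuthorization(client);
                return client;
            }
            catch
            {
                client.Dispose();
                throw;
            }
        }

        static void SetBasicAuthorization(HttpClient client)
        {
            HttpRequestHeaders header = client.DefaultRequestHeaders;
            string user = ConfigHelper.UserName;
            string key = ConfigHelper.Key;
            // Ask for JSON responses.
            header.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

            // Basic auth is Base64, not encryption: anyone who can read the request can recover the
            // key, so the configured URL must be HTTPS outside local testing.
            // UTF-8 must match the decoding in APIAuthorizeAttribute.GetCredentials on the server.
            var data = Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + key));
            header.Authorization = new AuthenticationHeaderValue("Basic", data);
        }

        /// <summary>
        /// GET <paramref name="url"/> and deserialize the JSON array.
        /// </summary>
        /// <returns>The items; an empty list on a non-success status (also written to the console).</returns>
        public static List<T> GetAll(string url)
        {
            List<T> li = new List<T>();
            // GetAwaiter().GetResult() still blocks, but rethrows the real exception
            // instead of wrapping it in AggregateException the way .Result does.
            using (HttpClient client = CreateClient())
            using (HttpResponseMessage response = client.GetAsync(url).GetAwaiter().GetResult())
            {
                if (response.IsSuccessStatusCode)
                {
                    li = response.Content.ReadAsAsync<List<T>>().GetAwaiter().GetResult() ?? li;
                }
                else
                {
                    Console.WriteLine("{0} ({1})", (int)response.StatusCode, response.ReasonPhrase);
                }
            }
            return li;
        }

        /// <summary>
        /// GET <paramref name="url"/> (which already carries any filter) and deserialize one entity.
        /// </summary>
        /// <returns>The entity, or default(T) on a non-success status.</returns>
        public static T GetByFilter(string url)
        {
            T entity = default(T);
            using (HttpClient client = CreateClient())
            using (HttpResponseMessage response = client.GetAsync(url).GetAwaiter().GetResult())
            {
                if (response.IsSuccessStatusCode)
                {
                    entity = response.Content.ReadAsAsync<T>().GetAwaiter().GetResult();
                }
            }
            return entity;
        }

        /// <summary>
        /// GET <paramref name="url"/>/<paramref name="id"/> and deserialize one entity.
        /// </summary>
        /// <param name="id">Identifier appended as one escaped path segment, so it cannot add segments or a query string.</param>
        /// <returns>The entity, or default(T) on a non-success status.</returns>
        public static T Get(string url, string id)
        {
            string requestUrl = string.Format("{0}/{1}", url, Uri.EscapeDataString(id ?? string.Empty));
            return GetByFilter(requestUrl);
        }

        /// <summary>PUT <paramref name="value"/> as JSON to <paramref name="url"/>.</summary>
        /// <returns>True on a success status code.</returns>
        public static bool Edit(string url, List<int> value)
        {
            return PutAsJson(url, value);
        }

        /// <summary>PUT <paramref name="dic"/> as JSON to <paramref name="url"/>.</summary>
        /// <returns>True on a success status code.</returns>
        public static bool Edit(string url, Dictionary<int, string> dic)
        {
            return PutAsJson(url, dic);
        }

        /// <summary>PUT the entities as JSON to <paramref name="url"/>.</summary>
        /// <returns>True on a success status code.</returns>
        public static bool EditModel(string url, List<T> value)
        {
            return PutAsJson(url, value);
        }

        // Shared body of the three Edit/EditModel overloads.
        private static bool PutAsJson<TBody>(string url, TBody body)
        {
            using (HttpClient client = CreateClient())
            using (HttpResponseMessage response = client.PutAsJsonAsync(url, body).GetAwaiter().GetResult())
            {
                return response.IsSuccessStatusCode;
            }
        }

        /// <summary>
        /// POST <paramref name="value"/> as JSON and deserialize the JSON array reply.
        /// </summary>
        /// <returns>The items; an empty list on a non-success status.</returns>
        public static List<TI> GetList<TI>(string url, List<int> value)
        {
            List<TI> list = new List<TI>();
            using (HttpClient client = CreateClient())
            using (HttpResponseMessage response = client.PostAsJsonAsync(url, value).GetAwaiter().GetResult())
            {
                if (response.IsSuccessStatusCode)
                {
                    list = response.Content.ReadAsAsync<List<TI>>().GetAwaiter().GetResult() ?? list;
                }
            }
            return list;
        }
    }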
}

3、新建類BaseEntity.cs

 

using NHibernate;
using NHibernate.Criterion;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data.Common;
using System.Linq;
using System.Text;

namespace DBHelper
{
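/// <summary>
/// Base class for entities that are read from the database through NHibernate and
/// synchronized with a remote Web API through WebApiClient&lt;T&gt;.
/// </summary>
/// <typeparam name="T">The concrete entity type (curiously recurring pattern).</typeparam>
/// <typeparam name="TID">Type of the primary key.</typeparam>
public abstract class BaseEntity<T, TID> where T : BaseEntity<T, TID>
{
    #region Properties
    /// <summary>
    /// Number.
    /// </summary>
    public string V_PreInvtId { get; set; }
    /// <summary>
    /// Receipt status.
    /// </summary>
    public int V_OpResult { get; set; }
    /// <summary>
    /// Operation time.
    /// </summary>
    public DateTime D_optime { get; set; }
    /// <summary>
    /// Remarks.
    /// </summary>
    public string V_NoteS { get; set; }
    #endregion

    /// <summary>Primary key.</summary>
    public virtual TID ID { get; set; }

    #region Session
    /// <summary>
    /// Path of the NHibernate configuration file (NHibernate.config in the application directory).
    /// </summary>
    protected static readonly string SessionFactoryConfigPath = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "NHibernate.config");

    /// <summary>
    /// The session for this configuration, obtained from NHibernateSessionManager.
    /// </summary>
    protected static ISession NHibernateSession
    {
        get
        {
            return NHibernateSessionManager.Instance.GetSessionFrom(SessionFactoryConfigPath);
        }
    }
    #endregion

    #region common
    /// <summary>
    /// Loads the entity of type T with the given id.
    /// </summary>
    /// <param name="id">Primary key.</param>
    /// <param name="shouldLock">When true the row is read with LockMode.Upgrade.</param>
    /// <returns>The entity, or null when no row has that id.</returns>
    public static T GetById(TID id, bool shouldLock)
    {
        return shouldLock
            ? NHibernateSession.Get<T>(id, LockMode.Upgrade)
            : NHibernateSession.Get<T>(id);
    }

    /// <summary>
    /// Loads the entity of type T with the given id, without locking.
    /// </summary>
    public static T GetById(TID id)
    {
        return GetById(id, false);
    }

    /// <summary>
    /// Returns every entity of type T, ordered by ID descending.
    /// </summary>
    public static IList<T> GetAll()
    {
        return GetByCriteria();
    }

    /// <summary>
    /// Queries by the given <see cref="ICriterion" /> restrictions, ordered by ID descending.
    /// With no restrictions the result equals <see cref="GetAll" />.
    /// </summary>
    public static IList<T> GetByCriteria(params ICriterion[] criterion)
    {
        ICriteria criteria = NHibernateSession.CreateCriteria(typeof(T));

        // A null params array (explicit null argument) means "no restrictions".
        foreach (ICriterion criterium in criterion ?? new ICriterion[0])
        {
            criteria.Add(criterium);
        }
        criteria.AddOrder(new Order("ID", false));
        return criteria.List<T>();
    }
    #endregion

    #region entity
    /// <summary>
    /// Query by example: returns the entities whose properties equal the populated
    /// properties of <paramref name="exampleInstance"/>; properties that are null or 0
    /// are not used as conditions. Ordered by ID descending.
    /// </summary>
    /// <param name="exampleInstance">Template object.</param>
    /// <param name="propertiesToExclude">Names of properties to leave out of the comparison.</param>
    /// <returns>All matching entities.</returns>
    public virtual IList<T> GetByExample(T exampleInstance, params string[] propertiesToExclude)
    {
        ICriteria criteria = NHibernateSession.CreateCriteria(exampleInstance.GetType());
        Example example = Example.Create(exampleInstance);

        foreach (string propertyToExclude in propertiesToExclude)
        {
            example.ExcludeProperty(propertyToExclude);
        }
        // NOTE(review): in NHibernate's Example each Exclude* call replaces the previous
        // selector, so ExcludeZeroes (last) is the one that applies — confirm.
        example.ExcludeNone();
        example.ExcludeNulls();
        example.ExcludeZeroes();
        criteria.Add(example);
        criteria.AddOrder(new Order("ID", false));
        return criteria.List<T>();
    }

    /// <summary>
    /// Uses <see cref="GetByExample"/> and expects at most one match.
    /// </summary>
    /// <returns>The single match, or default(T) when there is none.</returns>
    /// <exception cref="NonUniqueResultException">More than one entity matched.</exception>
    public virtual T GetUniqueByExample(T exampleInstance, params string[] propertiesToExclude)
    {
        IList<T> foundList = GetByExample(exampleInstance, propertiesToExclude);

        if (foundList.Count > 1)
        {
            throw new NonUniqueResultException(foundList.Count);
        }

        return foundList.Count > 0 ? foundList[0] : default(T);
    }

    // The original kept Save/Merge/Delete persistence methods commented out; changes are
    // pushed to the Web API through the EditBySource* methods below instead.

    /// <summary>
    /// Starts an NHibernate transaction on the shared session, wrapped in a disposable <see cref="DbTransaction"/>.
    /// </summary>
    public virtual DbTransaction BeginTransaction()
    {
        ITransaction tran = NHibernateSession.BeginTransaction();
        return new DbTransaction(tran);
    }

    /// <summary>
    /// Commits the open transaction on this session, or flushes pending changes when no transaction is open.
    /// </summary>
    public virtual void CommitChanges()
    {
        if (NHibernateSessionManager.Instance.HasOpenTransactionOn(SessionFactoryConfigPath))
        {
            NHibernateSessionManager.Instance.CommitTransactionOn(SessionFactoryConfigPath);
        }
        else
        {
            // Not in transaction mode: write directly with Flush.
            NHibernateSession.Flush();
        }
    }
    #endregion

    #region Web API data access
    /// <summary>
    /// Web API URL for T, read from appSettings under the key typeof(T).Name.
    /// </summary>
    /// <exception cref="InvalidOperationException">No appSettings entry exists for T.</exception>
    public static string Url
    {
        get
        {
            string url = System.Configuration.ConfigurationManager.AppSettings[typeof(T).Name];
            if (string.IsNullOrEmpty(url))
            {
                // A specific exception type; it still derives from Exception, so existing catch blocks keep working.
                throw new InvalidOperationException(string.Format("“{0}”未包含URL配置", typeof(T).Name));
            }
            return url;
        }
    }

    /// <summary>GET every T from the configured URL.</summary>
    public static List<T> GetAllBySource()
    {
        return WebApiClient<T>.GetAll(Url);
    }

    /// <summary>PUT the ids to the configured URL.</summary>
    /// <returns>True on a success status; the original discarded this result, so failures went unnoticed.</returns>
    public static bool EditBySource(List<int> value)
    {
        return WebApiClient<T>.Edit(Url, value);
    }

    /// <summary>PUT the id/value pairs to the configured URL.</summary>
    /// <returns>True on a success status.</returns>
    public static bool EditBySource(Dictionary<int, string> dic)
    {
        return WebApiClient<T>.Edit(Url, dic);
    }

    /// <summary>GET one T by id from the configured URL.</summary>
    public static T GetOneBySource(string id)
    {
        return WebApiClient<T>.Get(Url, id);
    }

    /// <summary>PUT the entities to the configured URL.</summary>
    /// <returns>True on a success status.</returns>
    public static bool EditBySourceByModel(List<T> value)
    {
        return WebApiClient<T>.EditModel(Url, value);
    }
    #endregion
}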

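/// <summary>
/// Disposable wrapper around an NHibernate <see cref="ITransaction"/>.
/// Note: inside namespace DBHelper this name takes precedence over System.Data.Common.DbTransaction.
/// </summary>
public class DbTransaction : IDisposable
{
    ITransaction _transaction;

    /// <param name="transaction">Transaction to wrap; this object owns it and disposes it.</param>
    /// <exception cref="ArgumentNullException"><paramref name="transaction"/> is null.</exception>
    public DbTransaction(ITransaction transaction)
    {
        if (transaction == null)
        {
            throw new ArgumentNullException("transaction");
        }
        _transaction = transaction;
    }

    #region IDisposable members

    public void Dispose()
    {
        Dispose(true);
        GC.SuppressFinalize(this);
    }

    protected virtual void Dispose(bool disposing)
    {
        // Idempotent: the original nulled the field and so threw NullReferenceException
        // on a second Dispose().
        if (disposing && _transaction != null)
        {
            _transaction.Dispose();
            _transaction = null;
        }
    }

    #endregion

    #region ITransaction members

    /// <summary>
    /// The wrapped transaction; throws ObjectDisposedException instead of NullReferenceException after Dispose().
    /// </summary>
    private ITransaction Transaction
    {
        get
        {
            if (_transaction == null)
            {
                throw new ObjectDisposedException(GetType().Name);
            }
            return _transaction;
        }
    }

    public void Begin(System.Data.IsolationLevel isolationLevel)
    {
        Transaction.Begin(isolationLevel);
    }

    public void Begin()
    {
        Transaction.Begin();
    }

    public void Commit()
    {
        Transaction.Commit();
    }

    public void Enlist(System.Data.IDbCommand command)
    {
        Transaction.Enlist(command);
    }

    public bool IsActive
    {
        get { return Transaction.IsActive; }
    }

    public void RegisterSynchronization(NHibernate.Transaction.ISynchronization synchronization)
    {
        Transaction.RegisterSynchronization(synchronization);
    }

    public void Rollback()
    {
        Transaction.Rollback();
    }

    public bool WasCommitted
    {
        get { return Transaction.WasCommitted; }
    }

    public bool WasRolledBack
    {
        get { return Transaction.WasRolledBack; }
    }

    #endregion
}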
}

4、調用代碼:

       // Fetches every EProducts from the Web API URL configured for that type
       // (GetAllBySource presumably comes from BaseEntity<T, TID> — confirm EProducts derives from it).
       var list = DBHelper.Entitys.EProducts.GetAllBySource();

在調用WebAPI之前,記得先運行WebAPI站點。

當我們的WebAPI站點開發完成之后,我們可以使用Nuget安裝一個插件自動生成API文檔,這個插件同時還支持WebAPI在線測試。

/* ==============================================================================
   * 功能描述:APIAuthorizeAttribute  
   * 創 建 者:Zouqj
   * 創建日期:2015/11/3 11:37:45
   ==============================================================================*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;
using System.Web.Http.Filters;
using Uuch.HP.WebAPI.Helper;

namespace Uuch.HP.WebAPI.Filter
{
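    /// <summary>
    /// Web API authorization filter: lets already-authenticated principals (e.g. forms
    /// authentication) through, otherwise requires HTTP Basic credentials validated by
    /// <see cref="APIAuthorizeInfoValidate.ValidateApi"/>; anything else gets 401.
    /// </summary>
    public class APIAuthorizeAttribute : AuthorizationFilterAttribute
    {
        // RFC 7617 challenge. The original value ("Basic Scheme='eLearning' location='...'")
        // is not a valid Basic challenge because it lacks the realm parameter.
        private const string BasicChallenge = "Basic realm=\"eLearning\"";

        /// <summary>
        /// Runs before the action; sets the thread principal on success or short-circuits
        /// the request with 401 on failure.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            // Already authenticated by another mechanism (e.g. forms authentication): skip Basic.
            var principal = Thread.CurrentPrincipal;
            if (principal != null && principal.Identity != null && principal.Identity.IsAuthenticated)
            {
                return;
            }

            var authHeader = actionContext.Request.Headers.Authorization;

            if (authHeader != null
                && authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase)
                && !String.IsNullOrWhiteSpace(authHeader.Parameter))
            {
                // A malformed header (bad Base64, missing ':') is an authentication failure,
                // not a 500 from IndexOutOfRange/FormatException.
                var credArray = GetCredentials(authHeader);
                if (credArray != null)
                {
                    var userName = credArray[0];
                    var key = credArray[1];
                    // NOTE(review): UserHostAddress is the immediate peer; behind a reverse proxy
                    // or load balancer this is the proxy's address, not the caller's.
                    string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                    //if (IsResourceOwner(userName, actionContext))
                    //{
                    // WebSecurity or the ASP.NET membership provider could be used here; to keep
                    // the example simple the post validates against its own config (user/key/IP list).
                    if (APIAuthorizeInfoValidate.ValidateApi(userName, key, ip))
                    {
                        var currentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
                        Thread.CurrentPrincipal = currentPrincipal;
                        // Keep the ASP.NET pipeline's view of the user consistent when IIS-hosted.
                        if (System.Web.HttpContext.Current != null)
                        {
                            System.Web.HttpContext.Current.User = currentPrincipal;
                        }
                        return;
                    }
                    //}
                }
            }

            HandleUnauthorizedRequest(actionContext);
        }

        /// <summary>
        /// Decodes the Basic parameter (Base64 of "user:key") into [userName, key].
        /// </summary>
        /// <param name="authHeader">The parsed Authorization header.</param>
        /// <returns>The two parts, or null when the parameter is not valid Base64 or has no ':'.</returns>
        private string[] GetCredentials(System.Net.Http.Headers.AuthenticationHeaderValue authHeader)
        {
            byte[] decoded;
            try
            {
                decoded = Convert.FromBase64String(authHeader.Parameter);
            }
            catch (FormatException)
            {
                return null;
            }

            // UTF-8 matches what WebApiClient.SetBasicAuthorization encodes on the client side.
            var cred = Encoding.UTF8.GetString(decoded);

            // Split on the first ':' only, so a key that itself contains ':' stays intact.
            var credArray = cred.Split(new[] { ':' }, 2);
            return credArray.Length == 2 ? credArray : null;
        }

        /// <summary>
        /// True when the "userName" route value equals the authenticated user name
        /// (used by the ownership check that is commented out in OnAuthorization).
        /// </summary>
        private bool IsResourceOwner(string userName, System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            var routeData = actionContext.Request.GetRouteData();
            var resourceUserName = routeData.Values["userName"] as string;
            return resourceUserName == userName;
        }

        /// <summary>
        /// Short-circuits the request with 401 and a Basic challenge header.
        /// </summary>
        private void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            actionContext.Response.Headers.Add("WWW-Authenticate", BasicChallenge);
        }
    }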
}

