同樣和前面一樣新建一個空的Web項目,都在根目錄添加Module,Models,Views文件夾
添加Nuget包
在Models文件夾里面添加UserModel類
public string Username { get; set; } public UserModel(string username) { Username = username; }
在Models文件夾里面添加Userdatabase類
static readonly List<Tuple<string, string>> ActiveApiKeys = new List<Tuple<string, string>>(); private static readonly List<Tuple<string, string>> User = new List<Tuple<string, string>>(); static UserDatabase() { User.Add(new Tuple<string, string>("Lexan","password")); User.Add(new Tuple<string, string>("User","password")); } public static ClaimsPrincipal GetUserFromApiKey(string apiKey) { var activeKey = ActiveApiKeys.FirstOrDefault(x=>x.Item2==apiKey); if (activeKey==null) { return null; } var userRecord = User.First(x=>x.Item1==activeKey.Item1); return new ClaimsPrincipal(new GenericIdentity(userRecord.Item1,"Lexan")); } public static string ValidateUser(string username,string password) { //嘗試從 "數據庫" 中獲取與給定用戶名和密碼匹配的用戶 var userRecord = User.FirstOrDefault(x=>x.Item1==username&&x.Item2==password); if (userRecord==null) { return null; } //既然用戶已被驗證, 請創建一個可用於后續請求的 api 密鑰。 var apiKey = Guid.NewGuid().ToString(); ActiveApiKeys.Add(new Tuple<string, string>(username,apiKey)); return apiKey; } public static void RemoveApiKey(string apiKey) { var apiKeyToRemove = ActiveApiKeys.First(x=>x.Item2==apiKey); ActiveApiKeys.Remove(apiKeyToRemove); } public static Tuple<string, string> CreateUser(string username, string password) { var user = new Tuple<string, string>(username,password); User.Add(user); return user; }
在Module文件夾中添加AuthModule類,如下代碼
public class AuthModule:NancyModule { //post ["/login"] 方法主要用於獲取后續調用的 api 密鑰 public AuthModule():base("/auth/") { Post("/", Lexan => { var apiKey = UserDatabase.ValidateUser((string) this.Request.Form.Username, (string)this.Request.Form.Password); return string.IsNullOrEmpty(apiKey) ? new Response { StatusCode = HttpStatusCode.Unauthorized } : this.Response.AsJson(new { ApiKey=apiKey}); }); //銷毀關鍵api 密鑰 Delete("/",Lexan=> { var apiKey = (string)this.Request.Form.ApiKey; UserDatabase.RemoveApiKey(apiKey); return new Response { StatusCode=HttpStatusCode.OK}; }); }
在Module文件下添加RootModule類
public RootModule() { Get("/",Lexan=>this.Response.AsText( "這是一個 rest api,它是在另一個 vs 項目" + "演示一個普通的 rest api 在" + "從其他網站或應用程序訪問它" + "了解網站如何訪問此 api, 運行" + "Stateless.Web項目"+ "和構建Web同一項目中" )); }
在Module文件夾下添加SecureModule類
public SecureModule() { Get("secure",Lexan=> { var identity = this.Context.CurrentUser; var userModel = new UserModel(identity.Identity.Name); return this.Response.AsJson( new { SecureContent= "下面是一些安全的內容, 只能看到你提供了正確的 apikey", User=userModel }); }); Post("/secure/creat_user",Lexan=> { Tuple<string, string> user = UserDatabase.CreateUser(this.Context.Request.Form["username"], this.Context.Request.Form["password"]); return this.Response.AsJson(new { username=user.Item1}); }); }
繼續在根目錄添加StatelessBootstrapper
protected override void RequestStartup(TinyIoCContainer container, IPipelines pipelines, NancyContext context) { //在請求啟動時, 我們修改請求管線 //包括無狀態身份驗證 //配置無狀態身份驗證很簡單。只需使用 //NancyContext 得到 apiKey。然后, 使用 apiKey 獲取 //用戶的身份。 //// base.RequestStartup(container, pipelines, context); var configuration = new StatelessAuthenticationConfiguration(nancyContext => { var apiKey = (string)nancyContext.Request.Query.ApiKey.Value; return UserDatabase.GetUserFromApiKey(apiKey); }); AllowAccessToConsumingSite(pipelines); StatelessAuthentication.Enable(pipelines,configuration); } static void AllowAccessToConsumingSite(IPipelines pipelines) { pipelines.AfterRequest.AddItemToEndOfPipeline(x => { x.Response.Headers.Add("訪問-控制-允許-起源", "*"); x.Response.Headers.Add("訪問-控制允許-方法", "開機自檢、獲取、刪除、放入、選項"); }); }
再來看看運行的結果
成功了,謝謝欣賞!