1.登陸的時候根據用戶信息生成Token
var token = FormsAuthentication.Encrypt( new FormsAuthenticationTicket( 0, "UserName", DateTime.Now, DateTime.Now.AddHours(1), true, string.Format("{0}&{1}", "userData1", "userData2" ), FormsAuthentication.FormsCookiePath)); / /放入Cookie var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, token); cookie.HttpOnly = true; HttpContext.Current.Response.Cookies.Add(cookie);
2.新增 一個Filter(取名規范 XXX+Attribute) :ActionFilterAttribute,重寫OnActionExecutingAsync
public override Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken) { var auth = actionContext.Request.Headers.Authorization; //記錄進入請求的時間 actionContext.Request.Properties[key] = DateTime.Now.ToBinary(); //TODO 權限,各種操作在這都可以去攔截.. return base.OnActionExecutingAsync(actionContext, cancellationToken); }
3. 獲取Token 中的信息
var user = HttpContext.Current.User.Identity.Name;