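/// <summary>
/// Custom attribute used for authenticating API requests.
/// A request is authorized when the scheme token of its Authorization header
/// equals the configured shared ticket (<c>Config.Authorization</c>). Requests
/// without the header are let through only when the action or its controller
/// carries <see cref="AllowAnonymousAttribute"/>; everything else receives a
/// JSON rejection body.
/// </summary>
public class RequestAuthorizeAttribute : AuthorizeAttribute
{
    private static readonly ILog log = LogManager.GetLogger(typeof(RequestAuthorizeAttribute));

    /// <summary>
    /// Overrides the base authorization to add the custom ticket check.
    /// </summary>
    /// <param name="actionContext">Context of the action being invoked.</param>
    /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        if (actionContext == null)
        {
            throw new ArgumentNullException("actionContext");
        }

        // The ticket is carried as the scheme token of the Authorization header
        // (the whole header value, not a "Scheme credentials" pair).
        var authorization = actionContext.Request.Headers.Authorization;
        if (authorization != null)
        {
            var encryptTicket = authorization.Scheme;

            // Do not log the ticket itself: it is the shared secret and would
            // land in the log files in plaintext. Presence and length are enough
            // for troubleshooting.
            log.Debug("Authorization header present, ticket length " + (encryptTicket ?? string.Empty).Length);

            if (ValidateTicket(encryptTicket))
            {
                // A valid ticket authorizes the request outright. The attribute's
                // Users/Roles are not enforced here because no principal is ever
                // attached to the request; the previous IsAuthorized call only
                // discarded its result, so it has been dropped.
                return;
            }

            HandleUnauthorizedRequest(actionContext);
            return;
        }

        // No credentials: allow only when the action or its controller opts in
        // with [AllowAnonymous] (the same rule the base class applies), else reject.
        if (IsAnonymousAllowed(actionContext))
        {
            base.OnAuthorization(actionContext);
        }
        else
        {
            HandleUnauthorizedRequest(actionContext);
        }
    }

    /// <summary>
    /// True when the action or its controller carries <see cref="AllowAnonymousAttribute"/>.
    /// Checking the controller too matches the base class behaviour; the previous
    /// implementation only looked at the action and ignored controller-level opt-in.
    /// </summary>
    private static bool IsAnonymousAllowed(HttpActionContext actionContext)
    {
        var actionDescriptor = actionContext.ActionDescriptor;
        return actionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
            || actionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    }

    /// <summary>
    /// Replaces the base class's response with the JSON rejection body the
    /// front end expects.
    /// </summary>
    /// <param name="actioncontext">Context of the rejected action.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actioncontext)
    {
        base.HandleUnauthorizedRequest(actioncontext);

        // The base sets a 401 response; it is overridden to 403 here to keep the
        // existing client contract. Strictly, a missing header should answer 401
        // with a WWW-Authenticate challenge.
        var response = actioncontext.Response ?? new HttpResponseMessage();
        actioncontext.Response = response;
        response.StatusCode = HttpStatusCode.Forbidden;

        var content = new { code = -1, success = false, errs = new[] { "服務端拒絕訪問:你沒有權限,或者掉線了" } };
        response.Content = new StringContent(Json.Encode(content), Encoding.UTF8, "application/json");
    }

    /// <summary>
    /// Compares the presented ticket with the configured shared ticket
    /// (case-insensitive, as before). An empty or missing ticket, or an empty
    /// configured value, never validates — previously two empty strings compared
    /// equal and authorized the request.
    /// </summary>
    /// <param name="encryptTicket">Ticket taken from the Authorization header.</param>
    /// <returns>True when the ticket matches the configuration.</returns>
    private static bool ValidateTicket(string encryptTicket)
    {
        var expected = Config.Authorization;
        if (string.IsNullOrEmpty(encryptTicket) || string.IsNullOrEmpty(expected))
        {
            return false;
        }

        // The unreachable FormsAuthentication/"admin" fallback that followed the
        // return in the previous version has been removed: dead code that embeds
        // credentials is a liability even when it never runs.
        return FixedTimeEqualsIgnoreCase(encryptTicket, expected);
    }

    /// <summary>
    /// Case-insensitive comparison whose running time does not depend on where
    /// the two strings first differ, so a caller cannot infer the secret one
    /// character at a time. Only the length check short-circuits.
    /// </summary>
    private static bool FixedTimeEqualsIgnoreCase(string a, string b)
    {
        // Invariant upper-casing avoids the culture-dependent ToLower() used before.
        var left = a.ToUpperInvariant();
        var right = b.ToUpperInvariant();
        if (left.Length != right.Length)
        {
            return false;
        }

        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }
}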
在方法或者控制器上加上以下屬性：
[RequestAuthorize]
來源 https://www.cnblogs.com/hnsongbiao/p/9376076.html