接口 Swagger 03 基於Token的身份認證


原文:https://www.cnblogs.com/guogangj/archive/2013/01/18/2866537.html
原文:https://www.cnblogs.com/guyun/p/4589125.html#authentication-authorization
原文:https://www.cnblogs.com/w5942066/p/12055542.html
原文:https://www.cnblogs.com/XiongMaoMengNan/p/6785155.html
原文:https://www.cnblogs.com/wangyulong/p/8727683.html
原文:https://blog.csdn.net/ao123056/article/details/100160981



mark:一種簡單的認證方式

一、添加model


1、用於存儲用戶信息

/// <summary>
/// User record embedded in the authentication token. Login serializes this whole object
/// to JSON into the ticket's UserData, TokenAuthorizeAttribute deserializes it back, and
/// GetUserInfo returns it verbatim. Anything populated here therefore travels inside the
/// (encrypted) token and is echoed back to the client.
/// </summary>
public class UserInfo
{      
    // Set by Login from the request parameter "id".
    public int userid { get; set; }
    // Set by Login from the request parameter "username"; the same value is used as the ticket name.
    public string user { get; set; }      
    // Not populated anywhere on this page.
    public string Created { get; set; }
    // Not populated on this page; if it ever is, it ends up inside the token and in GetUserInfo's response.
    public string pwd { get; set; }
    // Untyped extra payload; not populated on this page.
    public object userModel { get; set; }
}

2、用於在ApiController中,獲取自定義的當前用戶信息

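/// <summary>
/// Principal that TokenAuthorizeAttribute stores in HttpContext.Current.User once a token
/// has been decrypted; exposes the UserInfo carried in the ticket's UserData.
/// </summary>
public class FormsPrincipal : IPrincipal
{
    /// <summary>Identity built from the decrypted ticket (the filter assigns a FormsIdentity).</summary>
    public IIdentity Identity { get; set; }

    /// <summary>User data deserialized from the ticket's UserData JSON.</summary>
    public UserInfo UserData { get; set; }

    /// <summary>
    /// Role membership check, called by AuthorizeAttribute whenever Roles is set on the attribute.
    /// The ticket carries no role information, so this fails closed and returns false instead of
    /// throwing NotImplementedException, which would otherwise be hit by any role-restricted action.
    /// </summary>
    /// <param name="role">Role name being checked; ignored because no roles are stored in the token.</param>
    /// <returns>Always false (no role is ever granted).</returns>
    public bool IsInRole(string role)
    {
        return false;
    }
}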



二、添加過濾器

添加類TokenAuthorizeAttribute,主要是驗證和解析token,對當前登錄用戶賦值等

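/// <summary>
/// Web API authorization filter that authenticates a request with the token carried in the
/// "Authorization" request header. The token is an encrypted FormsAuthenticationTicket (issued
/// by Login) whose UserData holds a JSON-serialized UserInfo. On success the decoded user is
/// exposed as a FormsPrincipal on HttpContext.Current.User and any Users/Roles restriction on
/// the attribute is enforced through AuthorizeAttribute.IsAuthorized. Every failure is answered
/// via SendErrorMsg instead of being raised as an exception.
/// </summary>
public class TokenAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Runs before the action: reads and validates the token, sets the current principal, and
    /// short-circuits the request with an error response when validation fails.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        try
        {
            // Raw token from the request header; no "Bearer " scheme prefix is expected here.
            string token = HttpContext.Current.Request.Headers["Authorization"] ?? "";
            if (string.IsNullOrWhiteSpace(token))
            {
                // Only an [AllowAnonymous] placed on the action itself is honoured; a controller-level
                // [AllowAnonymous] is not consulted, which matches SwaggerHttpAuthHeaderFilter.
                if (IsAnonymousAllowed(actionContext))
                {
                    base.OnAuthorization(actionContext);
                    return;
                }
                SendErrorMsg(actionContext, "token不能為空!");
                return;
            }

            // Decrypt may either throw or return null for an unreadable ticket; both mean "invalid".
            FormsAuthenticationTicket formTicket = TryDecrypt(token);
            if (formTicket == null)
            {
                SendErrorMsg(actionContext, "token異常!");
                return;
            }
            if (formTicket.Expired)
            {
                SendErrorMsg(actionContext, "token已失效!");
                return;
            }

            // UserData was written by Login as JsonConvert.SerializeObject(UserInfo).
            var userInfo = JsonConvert.DeserializeObject<UserInfo>(formTicket.UserData);
            var user = new FormsPrincipal
            {
                UserData = userInfo,
                Identity = new FormsIdentity(formTicket)
            };
            HttpContext.Current.User = user;

            // The original discarded this result, so Users=/Roles= set on the attribute were never
            // enforced. NOTE(review): assumes IIS web hosting, where the request principal seen by
            // IsAuthorized is backed by HttpContext.User — confirm for the hosting model in use.
            if (!base.IsAuthorized(actionContext))
            {
                SendErrorMsg(actionContext, "用戶未被授權!");
            }
        }
        catch (Exception ex)
        {
            // Anything unexpected (e.g. malformed UserData JSON) is still refused rather than
            // surfacing as an unhandled 500; the message is echoed as in the original.
            SendErrorMsg(actionContext, ex.Message);
        }
    }

    /// <summary>True when the action itself carries [AllowAnonymous].</summary>
    private static bool IsAnonymousAllowed(HttpActionContext actionContext)
    {
        return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
    }

    /// <summary>Decrypts the ticket, returning null instead of throwing on an unreadable token.</summary>
    private static FormsAuthenticationTicket TryDecrypt(string token)
    {
        try
        {
            return FormsAuthentication.Decrypt(token);
        }
        catch (Exception)
        {
            // Deliberate: the caller reports a single "token異常!" for every undecryptable token.
            return null;
        }
    }

    /// <summary>
    /// Writes a JSON error body and terminates the pipeline. HandleUnauthorizedRequest first
    /// attaches a 401 response; its status is then overwritten with 403, kept as-is because
    /// existing clients already see 403 for missing and invalid tokens.
    /// </summary>
    /// <param name="filterContext">Context whose Response is created or replaced.</param>
    /// <param name="msg">Human-readable reason appended to the error body.</param>
    private void SendErrorMsg(HttpActionContext filterContext, string msg)
    {
        base.HandleUnauthorizedRequest(filterContext);
        var response = filterContext.Response = filterContext.Response ?? new HttpResponseMessage();
        response.StatusCode = HttpStatusCode.Forbidden;
        var content = new
        {
            success = false,
            errs = new[] { "服務端拒絕訪問," + msg }
        };
        response.Content = new StringContent(JsonConvert.SerializeObject(content), Encoding.UTF8, "application/json");
    }
}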



三、生成token

HomeApiController中,添加如下代碼:

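/// <summary>
/// Issues a token for the supplied user id and name. No credential is verified here: the ticket
/// is minted purely from the query-string values, so as written any caller can obtain a valid
/// token for any user. A real credential check must precede ticket creation before this is used
/// beyond a demo.
/// </summary>
/// <param name="id">User id embedded in the token's UserData.</param>
/// <param name="username">User name used as the ticket name and embedded in UserData.</param>
/// <returns>JSON { ret, data, msg } where data is the encrypted ticket to send back in the Authorization header.</returns>
[HttpGet]
public IHttpActionResult Login(int id, string username)
{
    // Lifetime of the issued ticket. There is no revocation, so a leaked token stays valid this long.
    const int tokenLifetimeDays = 30;

    // Only userid and user are populated; the whole object is serialized into the ticket,
    // so nothing sensitive (e.g. pwd) should ever be set on it here.
    var userInfo = new UserInfo { userid = id, user = username };
    string userData = JsonConvert.SerializeObject(userInfo);

    // Single timestamp so issue and expiry are derived from the same instant.
    DateTime issued = DateTime.Now;
    var ticket = new FormsAuthenticationTicket(
        0,                                  // ticket version, unchanged from the original
        username,
        issued,
        issued.AddDays(tokenLifetimeDays),
        true,                               // isPersistent
        userData,
        FormsAuthentication.FormsCookiePath);

    // Encrypt protects the ticket with the application's machineKey; TokenAuthorizeAttribute calls Decrypt.
    string token = FormsAuthentication.Encrypt(ticket);
    return Json(new { ret = 1, data = token, msg = "登錄成功!" });
}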



四、獲取token信息

HomeApiController中,添加如下代碼:

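/// <summary>
/// Returns the UserInfo that TokenAuthorizeAttribute decoded from the caller's token.
/// The object is echoed exactly as it was stored in the ticket's UserData.
/// </summary>
/// <returns>JSON UserInfo, or 401 when the request carries no FormsPrincipal.</returns>
[TokenAuthorize]
public IHttpActionResult GetUserInfo()
{
    // The original used "as" and dereferenced without a check, which turns a missing or
    // differently-typed principal into a NullReferenceException (500) instead of a clean refusal.
    var principal = User as FormsPrincipal;
    if (principal == null)
    {
        return Unauthorized();
    }
    return Json(principal.UserData);
}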



五、配置Swagger,讓其支持header攜帶token


1、在App_Start中,添加類SwaggerHttpAuthHeaderFilter,代碼如下:

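/// <summary>
/// Swashbuckle operation filter that adds a required "Authorization" header parameter to the
/// Swagger document for every action guarded by TokenAuthorizeAttribute (on the action or its
/// controller), so the Swagger UI can send the token. An [AllowAnonymous] on the action itself
/// skips the parameter, mirroring TokenAuthorizeAttribute, which also only inspects the action.
/// </summary>
public class SwaggerHttpAuthHeaderFilter : IOperationFilter
{
    /// <summary>Explicit interface implementation invoked by Swashbuckle once per operation.</summary>
    /// <param name="operation">Swagger operation being described; its parameters list is created if missing.</param>
    /// <param name="schemaRegistry">Unused.</param>
    /// <param name="apiDescription">Web API description used to read the action/controller attributes.</param>
    void IOperationFilter.Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        if (operation.parameters == null)
        {
            operation.parameters = new List<Parameter>();
        }

        var actionDescriptor = apiDescription.ActionDescriptor;

        // Action-level [AllowAnonymous] wins regardless of a TokenAuthorize on the controller.
        if (actionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any())
        {
            return;
        }

        // The original also fetched the filter pipeline here but never used it; dropped.
        bool guardedByAction = actionDescriptor.GetCustomAttributes<TokenAuthorizeAttribute>().Any();
        bool guardedByController = actionDescriptor.ControllerDescriptor.GetCustomAttributes<TokenAuthorizeAttribute>(true).Any();
        if (guardedByAction || guardedByController)
        {
            operation.parameters.Add(new Parameter { name = "Authorization", @in = "header", description = "令牌", required = true, type = "string" });
        }
    }
}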

2、修改SwaggerConfig

取消注釋
c.OperationFilter<AssignOAuth2SecurityRequirements>();

修改為
c.OperationFilter<App_Start.SwaggerHttpAuthHeaderFilter>();




