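using BMOA.Application.System;
using BMOA.Common;
using BMOA.Web.Models;
using Newtonsoft.Json;
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net.Http;
using System.Web;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace KBMOA.Web.Filter
{
    /// <summary>
    /// API request filter: rejects requests whose "appkey"/"apppwd" headers do not
    /// match the value held in <c>YG_Config.appkey</c>.
    /// </summary>
    /// <remarks>
    /// NOTE(review): "apppwd" is defined as SHA-1("appkey"), so it is fully derivable
    /// from the other header and adds no secrecy of its own. The pair behaves as one
    /// static shared secret that is sent on every request: it is replayable, and it is
    /// only as confidential as the transport (TLS) and any logs that record request
    /// headers. If this filter is the only access control on the API, consider a
    /// per-request signature (HMAC over method, path, timestamp and nonce with a key
    /// that never travels on the wire) or a standard bearer-token scheme.
    /// </remarks>
    public class ApiFilter : ActionFilterAttribute
    {
        /// <summary>
        /// Validates the credential headers before the action runs.
        /// Mini-program clients are expected to send the SHA-1 of the appkey as "apppwd".
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            string appkey = ReadHeader(actionContext, "appkey");
            string apppwd = ReadHeader(actionContext, "apppwd");

            // A single decision point: the original ran the "missing header" and the
            // "wrong value" checks back to back with no return in between, so a request
            // without headers was rejected twice (two response objects, two base calls).
            if (!IsAuthorized(appkey, apppwd))
            {
                Check(actionContext);
                base.OnActionExecuting(actionContext);
            }
        }

        /// <summary>
        /// Returns the URL-decoded first value of the named request header,
        /// or an empty string when the header is absent.
        /// </summary>
        private static string ReadHeader(HttpActionContext actionContext, string name)
        {
            IEnumerable<string> values;
            if (!actionContext.Request.Headers.TryGetValues(name, out values))
            {
                return string.Empty;
            }

            return HttpUtility.UrlDecode(values.FirstOrDefault());
        }

        /// <summary>
        /// True only when both headers are present, the appkey equals the configured
        /// one, and apppwd equals the SHA-1 of the appkey (hex case ignored).
        /// </summary>
        private static bool IsAuthorized(string appkey, string apppwd)
        {
            // Check whether the request headers carried both parameters.
            if (string.IsNullOrEmpty(appkey) || string.IsNullOrEmpty(apppwd))
            {
                return false;
            }

            // Evaluate both comparisons unconditionally so the outcome of the first
            // does not decide whether the second runs.
            bool keyMatches = FixedTimeEquals(appkey, YG_Config.appkey);

            // Presumably ZEncypt.Sha1 returns a hex digest; confirm against its implementation.
            // Upper-casing with the invariant culture replaces the original
            // CurrentCultureIgnoreCase comparison, which is linguistic: it depends on
            // the server locale and treats some code points as ignorable.
            string expectedPwd = ZEncypt.Sha1(appkey);
            bool pwdMatches = expectedPwd != null
                && FixedTimeEquals(apppwd.ToUpperInvariant(), expectedPwd.ToUpperInvariant());

            return keyMatches & pwdMatches;
        }

        /// <summary>
        /// Ordinal string equality whose running time does not depend on the position
        /// of the first differing character (only on the lengths).
        /// </summary>
        private static bool FixedTimeEquals(string left, string right)
        {
            if (left == null || right == null || left.Length != right.Length)
            {
                return false;
            }

            int diff = 0;
            for (int i = 0; i < left.Length; i++)
            {
                diff |= left[i] ^ right[i];
            }

            return diff == 0;
        }

        /// <summary>
        /// Short-circuits the pipeline by attaching a failure <c>ResponseModel</c>
        /// to the action context.
        /// </summary>
        /// <param name="actionContext">Context whose response is set.</param>
        private void Check(HttpActionContext actionContext)
        {
            ResponseModel result = new ResponseModel() { Success = false };
            result.Message = "此请求未经授权";

            // NOTE(review): CreateResponse(value) answers with HTTP 200, so proxies,
            // WAFs and log-based alerting cannot tell a rejected call from a successful
            // one. Returning 401 here would make failed-authentication spikes visible;
            // left as-is because existing clients may key off the body only. Confirm
            // before changing.
            actionContext.Response = actionContext.Request.CreateResponse(result);
        }
    }
}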