• asp.net web api添加自定义认证


    1、定义认证失败结果生成器

       /// <summary>
        /// 认证失败结果生成器
        /// </summary>
        public class AuthenticationFailureResult : IHttpActionResult
        {
            public AuthenticationFailureResult(string reasonPhrase, HttpRequestMessage request)
            {
                ReasonPhrase = reasonPhrase;
                Request = request;
            }
    
            public string ReasonPhrase { get; private set; }
    
            public HttpRequestMessage Request { get; private set; }
    
            public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
            {
                return Task.FromResult(Execute());
            }
    
            private HttpResponseMessage Execute()
            {
                return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, this.ReasonPhrase);
            }
        }

    2、定义自定义认证过滤器(基于Cookie)

    /// <summary>
        /// 自定义认证
        /// </summary>
        public class CustomAuthenticationFilter : Attribute, IAuthenticationFilter
        {
            public virtual bool AllowMultiple
            {
                get { return false; }
            }
    
            public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
            {
                var principal = await this.AuthenticateAsync(context.Request);
                if (principal == null)
                {
                    context.Request.Headers.GetCookies().Clear();
                    context.ErrorResult = new AuthenticationFailureResult("未授权请求", context.Request);
                }
                else
                {
                    context.Principal = principal;
                }
            }
    
            public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
            {
                return Task.FromResult(0);
            }
    
            private Task<IPrincipal> AuthenticateAsync(HttpRequestMessage request)
            {
                return Task.Run<IPrincipal>(() =>
                    {
                        CookieHeaderValue cookieMobile = request.Headers.GetCookies("clientMobile").FirstOrDefault(),
                            cookieToken = request.Headers.GetCookies("clientToken").FirstOrDefault();
                        if (cookieMobile == null || cookieToken == null
                            || string.IsNullOrWhiteSpace(cookieMobile["clientMobile"].Value)
                            || string.IsNullOrWhiteSpace(cookieToken["clientToken"].Value))
                        {
                            return null;
                        }
    
                        string mobile = cookieMobile["clientMobile"].Value,
                            token = cookieToken["clientToken"].Value;
                        ClientDTO client = null;
                //此处从Redis服务器中取出指定用户,各位可以根据需要自行更换
    using (ICache cache = ObjectContainer.Current.Resolve<ICacheFactory>().CreateCache()) { client = cache.Get<ClientDTO>(RedisTables.CLIENT, mobile); }
                //验证用户合法性,如果合法,构建声明式安全主题权限模式并返回,若用户验证不通过返回空
    if (client != null && string.Equals(token, Md5Helper.MD5(string.Format("{0}{1}", mobile, client.MsgCode), 32), StringComparison.Ordinal)) { IEnumerable<Claim> claims = new List<Claim>() { new Claim(ClaimTypes.Name, mobile) }; var identity = new ClaimsIdentity("LoanCookie"); identity.AddClaims(claims); return new ClaimsPrincipal(identity); } return null; }); } }

    3、将认证特性标记应用于全局、控制器或控制器操作,以控制器操作为例:

  • 相关阅读:
    并发编程学习笔记之Java存储模型(十三)
    并发编程学习笔记之原子变量与非阻塞同步机制(十二)
    并发编程学习笔记之构建自定义的同步工具(十一)
    并发编程学习笔记之显示锁(十)
    并发编程学习笔记之可伸缩性(九)
    并发编程学习笔记之死锁(八)
    并发编程学习笔记之自定义配置线程池(七)
    并发编程学习笔记之取消和关闭(六)
    并发编程学习笔记之线程池(五)
    并发编程学习笔记之并发工具类(四)
  • 原文地址:https://www.cnblogs.com/guokun/p/5843783.html
Copyright © 2020-2023  润新知