• WebApi的调用-3.Basic验证


    Basic基本验证

    webapi里的特性

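    /// <summary>
        /// Authorization filter that authenticates a request by the ticket carried in the
        /// HTTP Authorization header. The ticket is a FormsAuthentication-encrypted string
        /// issued by the Login action.
        /// </summary>
        /// <remarks>
        /// Actions or controllers marked with <see cref="AllowAnonymousAttribute"/> are handed
        /// to the base implementation and never reach ticket validation.
        /// </remarks>
        public class BasicAuthorizeAttibute : AuthorizeAttribute
        {
            /// <summary>
            /// Runs before the action executes: lets anonymous endpoints through, otherwise
            /// requires a valid ticket in the Authorization header and answers 401 when the
            /// header is missing, empty or does not validate.
            /// </summary>
            /// <param name="actionContext">Web API action context of the current request.</param>
            public override void OnAuthorization(HttpActionContext actionContext)
            {
                // [AllowAnonymous] on the action or on its controller bypasses ticket validation.
                if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
                    || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0)
                {
                    base.OnAuthorization(actionContext);
                    return;
                }

                // Authorization header, e.g. "BasicAuth <ticket>"; Parameter is the part after the scheme.
                var authorization = actionContext.Request.Headers.Authorization;

                // NOTE(review): authorization.Scheme is not checked here, only the parameter is
                // validated; tighten this if one specific scheme must be enforced.
                // An empty parameter is rejected up front so FormsAuthentication.Decrypt is never
                // asked to decrypt "" (it throws ArgumentException, which would surface as a 500).
                if (authorization == null
                    || string.IsNullOrEmpty(authorization.Parameter)
                    || !ValidateTicket(authorization.Parameter))
                {
                    this.HandleUnauthorizedRequest(actionContext);
                }
                // A valid ticket alone authorizes the request: actionContext.Response stays unset
                // and the pipeline continues to the action. The Users/Roles check of
                // AuthorizeAttribute.IsAuthorized is not applied by this filter.
            }


            /// <summary>
            /// Decrypts the ticket and checks that it is unexpired and carries the expected user data.
            /// </summary>
            /// <param name="encryptTicket">
            /// Encrypted FormsAuthentication ticket taken from the Authorization header.
            /// </param>
            /// <returns>
            /// true when the ticket decrypts, has not expired and its UserData matches; otherwise false.
            /// Malformed input never throws out of this method.
            /// </returns>
            private bool ValidateTicket(string encryptTicket)
            {
                if (string.IsNullOrEmpty(encryptTicket))
                {
                    return false;
                }

                FormsAuthenticationTicket ticket;
                try
                {
                    // Decrypt throws ArgumentException on malformed input and returns null when the
                    // ticket cannot be validated; both must become "unauthorized", not a server error.
                    ticket = FormsAuthentication.Decrypt(encryptTicket);
                }
                catch (ArgumentException)
                {
                    return false;
                }
                catch (System.Security.Cryptography.CryptographicException)
                {
                    // NOTE(review): a failed integrity check is believed to surface this way on some
                    // framework versions — confirm against the target runtime.
                    return false;
                }

                // Login issues tickets with a one-hour expiry; honour it, otherwise a captured
                // ticket would stay valid forever.
                if (ticket == null || ticket.Expired)
                {
                    return false;
                }

                // UserData is "<account>&<password>" as written by Login; this demo only accepts admin/123.
                return string.Equals(ticket.UserData, string.Format("{0}&{1}", "admin", "123"), StringComparison.Ordinal);
            }
        }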
    

    获取ticket

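            /// <summary>
            /// Issues an authentication ticket for the demo account. The encrypted ticket string
            /// is what clients later send in the Authorization header.
            /// </summary>
            /// <param name="account">Account name from the query string.</param>
            /// <param name="password">Password from the query string.</param>
            /// <returns>A success response carrying the encrypted ticket, or a failure message.</returns>
            [AllowAnonymous]
            [HttpGet]
            public HttpResponseMessage Login(string account, string password)
            {
                // Demo-only credential check; a real implementation would consult a user store.
                if (account != "admin" || password != "123")
                {
                    return Msg("登录失败");
                }

                // Ticket is valid for one hour from issue. DateTime.Now is kept on purpose:
                // FormsAuthenticationTicket expiry is evaluated against local time — verify before
                // switching to UtcNow.
                // NOTE(review): UserData carries "<account>&<password>" because the authorization
                // filter compares against that exact string, so the plaintext password travels inside
                // the (encrypted) ticket; prefer storing only the account name once the filter is
                // changed to match.
                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(0, account, DateTime.Now,
                           DateTime.Now.AddHours(1), true, string.Format("{0}&{1}", account, password),
                           FormsAuthentication.FormsCookiePath);

                // NOTE(review): the payload echoes the password back to the caller (pass = password);
                // consider dropping it from the response.
                Model.User user = new User() { name = account, pass = password, ticket = FormsAuthentication.Encrypt(ticket) };
                return Success(user);
            }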
    

    MVC里面请求头(后台请求)

    /// <summary>
            /// Calls the back-end API with the cached user ticket attached as request headers.
            /// </summary>
            /// <param name="method">API method/path to invoke.</param>
            /// <param name="queryString">Query string forwarded to the API.</param>
            /// <returns>The string returned by ApiHelper for this request.</returns>
            public string GetApi(string method, string queryString)
            {
                WebHeaderCollection headers = GetApiHeader();
                return ApiHelper.Instance.RequestApi(method, queryString, headers);
            }
    
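    /// <summary>
            /// Builds the request headers for back-end API calls: the ticket cached for the current
            /// user is placed in the Authorization header under the custom "BasicAuth" scheme.
            /// </summary>
            /// <returns>A header collection containing the Authorization header.</returns>
            private WebHeaderCollection GetApiHeader()
            {
                // The cache key is a fixed value; routing it through string.Format with no arguments
                // added nothing and would throw FormatException if the key ever contained braces.
                string key = GlobalVar.UserTiketCacheKey;
                var ticket = CacheHelper.CacheReader(key);

                // NOTE(review): when nothing is cached this still sends "BasicAuth " with an empty
                // parameter, which the API will reject; consider short-circuiting here. "BasicAuth"
                // is a custom scheme, not the standard Basic scheme.
                WebHeaderCollection header = new WebHeaderCollection();
                header.Add(HttpRequestHeader.Authorization, "BasicAuth " + ticket);
                return header;
            }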
    
  • 原文地址:https://www.cnblogs.com/tangge/p/7599281.html