• WebApi实现验证授权Token,WebApi生成文档等(转)


    using System;
    using System.Linq;
    using System.Web;
    using System.Web.Http;
    using System.Web.Security;
     
    namespace OtherApi.Auth
    {
     
        public class AuthFilterOutside : AuthorizeAttribute
        {
            //重写基类的验证方式,加入我们自定义的Ticket验证
            public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
            {
                //url获取token
                var content = actionContext.Request.Properties["MS_HttpContext"] as HttpContextBase;
                var token = content.Request.Headers["Token"];
                if (!string.IsNullOrEmpty(token))
                {
                    //解密用户ticket,并校验用户名密码是否匹配
                    if (ValidateTicket(token))
                    {
                        base.IsAuthorized(actionContext);
                    }
                    else
                    {
                        HandleUnauthorizedRequest(actionContext);
                    }
                }
                //如果取不到身份验证信息,并且不允许匿名访问,则返回未验证401
                else
                {
                    var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().OfType<AllowAnonymousAttribute>();
                    bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);
                    if (isAnonymous) base.OnAuthorization(actionContext);
                    else HandleUnauthorizedRequest(actionContext);
                }
            }
     
            //校验票据(数据库数据匹配)
            private bool ValidateTicket(string encryptToken)
            {
                bool flag = false;
                try
                {
                    //获取数据库Token
                    Dec.Models.TicketAuth model = Dec.BLL.TicketAuth.GetTicketAuthByToken(encryptToken);
                    if (model.Token == encryptToken) //存在
                    {
                        //未超时
                        flag = (DateTime.Now <= model.ExpireDate) ? true : false;
                    }
                }
                catch (Exception ex) { }
                return flag;
            }
        }
    }
    using System;
    using System.Web;
    using System.Web.Http;
    using System.Web.Security;
    using System.Net.Http;
    using System.Collections.Generic;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;
    using System.Text;
    using OtherApi.Auth;  //引用验证
     
    namespace SpiderApi.Controllers
    {
        /// <summary>
        /// 用户授权接口
        /// </summary>
        public class AccountController : ApiController
        {
            #region 用户登录授权
            /// <summary>
            /// 用户登录授权
            /// </summary>
            /// <param name="username">用户名</param>
            /// <param name="password">密码</param>
            /// <returns></returns>
            [Route("api/account/login")]
            [HttpGet]
            public HttpResponseMessage Login(string username, string password)
            {
                //定义
                ResponseResult obj = new ResponseResult();
                var model = GetLoginModel(username, password);
                if (model != null)
                {
                    int userId = model.UserId;
                    string Token = UntilHelper.Md5Encode(UntilHelper.GetExtGuidID(), 32);
                    var dtNow = DateTime.Now;
     
                    #region 将身份信息保存票据表中,验证当前请求是否是有效请求
                    //判断此用户是否存在票据信息
                    if (Dec.BLL.TicketAuth.GetTicketAuthByUserId(userId) != null)
                    {
                        //清空重置
                        Dec.BLL.TicketAuth.DeleteByUserId(userId);
                    }
                    Dec.Models.TicketAuth ticket = new Dec.Models.TicketAuth();
                    ticket.UserID = userId;
                    ticket.Token = Token;
                    ticket.CreateDate = dtNow;
                    ticket.ExpireDate = dtNow.AddMinutes(30); //30分钟过期
                    Dec.BLL.TicketAuth.Add(ticket);
                    #endregion
     
                    //返回信息            
                    obj.status = true;
                    obj.message = "用户登录成功";
                    JObject jo = new JObject();
                    jo.Add("userid", userId);
                    jo.Add("loginname", model.LoginName);
                    jo.Add("nickname", model.NickName);
                    jo.Add("usertype", model.UserType); //(int)UserTypeEnum.Seller
                    jo.Add("token", Token);
                    obj.info = jo;
                }
                else
                {
                    obj.status = false;
                    obj.message = "用户登录失败";
                }
                var resultObj = JsonConvert.SerializeObject(obj, Formatting.Indented);
                HttpResponseMessage result = new HttpResponseMessage { Content = new StringContent(resultObj, Encoding.GetEncoding("UTF-8"), "application/json") };
                return result;
            }
            #endregion
     
            #region 用户退出登录,清空Token
            /// <summary>
            /// 用户退出登录,清空Token
            /// </summary>
            /// <param name="userId">用户ID</param>
            /// <returns></returns>
            [Route("api/account/loginout")]
            [HttpGet]
            public HttpResponseMessage LoginOut(int userId)
            {
                //定义
                ResponseResult obj = new ResponseResult();
                try
                {
                    //清空数据库该用户票据数据
                    Dec.BLL.TicketAuth.DeleteByUserId(userId);
                }
                catch (Exception ex) { }
                //返回信息            
                obj.status = true;
                obj.message = "成功退出";
                var resultObj = JsonConvert.SerializeObject(obj);
                HttpResponseMessage result = new HttpResponseMessage { Content = new StringContent(resultObj, Encoding.GetEncoding("UTF-8"), "application/json") };
                return result;
            }
            #endregion
     
            #region 查询Token是否有效
            /// <summary>
            /// 查询Token是否有效
            /// </summary>
            /// <param name="token">token</param>
            /// <returns></returns>
            [Route("api/account/validatetoken")]
            [HttpGet]
            public HttpResponseMessage ValidateToken(string token)
            {
                //定义
                ResponseResult obj = new ResponseResult();
                bool flag = ValidateTicket(token);
                if (flag)
                {
                    //返回信息            
                    obj.status = true;
                    obj.message = "token有效";
                }
                else
                {
                    obj.status = false;
                    obj.message = "token无效";
                }
                var resultObj = JsonConvert.SerializeObject(obj);
                HttpResponseMessage result = new HttpResponseMessage { Content = new StringContent(resultObj, Encoding.GetEncoding("UTF-8"), "application/json") };
                return result;
            }
            #endregion
     
            #region 获取用户账户余额
            /// <summary>
            /// 获取用户账户余额
            /// </summary>
            /// <param name="userId">用户ID</param>
            /// <returns></returns>
            [Route("api/account/amount")]
            [HttpGet]
            [AuthFilterOutside] //添加验证
            public HttpResponseMessage GetAmount(int userId)
            {
                //定义
                ResponseResult obj = new ResponseResult();
                //获取数据库数据
                Dec.Models.UserInfo model = Dec.BLL.UserInfo.GetUserInfoByUserId(userId);
                if (model != null)
                {
                    //返回信息            
                    obj.status = true;
                    obj.message = "获取用户账户余额成功";
                    JObject jo = new JObject();
                    jo.Add("userid", model.UserId);
                    jo.Add("amount", model.Amount);
                    obj.info = jo;
                }
                else
                {
                    obj.status = false;
                    obj.message = "获取用户账户余额失败";
                }
     
                var resultObj = JsonConvert.SerializeObject(obj);
                HttpResponseMessage result = new HttpResponseMessage { Content = new StringContent(resultObj, Encoding.GetEncoding("UTF-8"), "application/json") };
                return result;
            }
            #endregion
     
            /// <summary>
            /// 用户充值接口
            /// </summary>
            /// <param name="userid">用户ID</param>
            /// <param name="amount">充值金额</param>
            /// <returns></returns>
            [Route("api/account/recharge")]
            [HttpGet]
            [AuthFilterInside]
            public HttpResponseMessage Recharge(string userid, double amount)
            {
                //定义
                ResponseResult obj = new ResponseResult();
                //获取数据库数据
     
                //返回信息            
                obj.status = true;
                obj.message = "操作成功,请等待第三方支付平台返回通知核实是否到账";
                JObject jo = new JObject();
                jo.Add("userid", "123456789");
                jo.Add("amount", 125.80);
                obj.info = jo;
     
                var resultObj = JsonConvert.SerializeObject(obj);
                HttpResponseMessage result = new HttpResponseMessage { Content = new StringContent(resultObj, Encoding.GetEncoding("UTF-8"), "application/json") };
                return result;
            }
     
             #region 验证票据是否有效
            /// <summary>
            /// 验证票据是否有效
            /// </summary>
            /// <param name="encryptToken">token</param>
            /// <returns></returns>
            private bool ValidateTicket(string encryptToken)
            {
                bool flag = false;
                try
                {
                    //获取数据库Token
                    Dec.Models.TicketAuth model = Dec.BLL.TicketAuth.GetTicketAuthByToken(encryptToken);
                    if (model.Token == encryptToken) //存在
                    {
                        //未超时
                        flag = (DateTime.Now <= model.ExpireDate) ? true : false;
                    }
                }
                catch (Exception ex) { }
                return flag;
            }
            #endregion
     
            #region 用户登录
            /// <summary>
            /// 用户登录
            /// </summary>
            /// <param name="userName">用户名</param>
            /// <param name="userPwd">密码</param>
            /// <returns></returns>
            private Dec.Models.UserInfo GetLoginModel(string userName, string userPwd)
            {
                Dec.Models.UserInfo model = new Dec.Models.UserInfo();
                try
                {
                    if (!string.IsNullOrWhiteSpace(userName) && !string.IsNullOrWhiteSpace(userPwd))
                    {
                        //数据库比对
                        model = Dec.BLL.UserInfo.GetUserInfoByUserNamePwd(userName, UntilHelper.Md5Encode(userPwd, 32));
                    }
                }
                catch (Exception ex) { }
                return model;
            }
            #endregion
        }
    }
    //////////////////////////////////////////////////////////////////
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.Http;
    using System.Web.Mvc;
    using System.Web.Routing;
     
    namespace SpiderApi
    {
        public class WebApiApplication : System.Web.HttpApplication
        {
            protected void Application_Start()
            {
                //WebApi文档
                AreaRegistration.RegisterAllAreas();
                GlobalConfiguration.Configure(WebApiConfig.Register);
            }
     
            protected void Application_PostAuthorizeRequest()
            {
                //Enable Session
                HttpContext.Current.SetSessionStateBehavior(System.Web.SessionState.SessionStateBehavior.Required);
            }
        }
    }
    // Uncomment the following to provide samples for PageResult<T>. Must also add the Microsoft.AspNet.WebApi.OData
    // package to your project. 先安装Help Page包  HelpPage=>App_start=>HelpPageConfig.cs
    ////#define Handle_PageResultOfT
     
    using System;
    using System.Collections;
    using System.Collections.Generic;
    using System.Diagnostics;
    using System.Diagnostics.CodeAnalysis;
    using System.Linq;
    using System.Net.Http.Headers;
    using System.Reflection;
    using System.Web;
    using System.Web.Http;
    using SpiderApi.Models;
    #if Handle_PageResultOfT
    using System.Web.Http.OData;
    #endif
     
    namespace SpiderApi.Areas.HelpPage
    {
        /// <summary>
        /// Use this class to customize the Help Page.
        /// For example you can set a custom <see cref="System.Web.Http.Description.IDocumentationProvider"/> to supply the documentation
        /// or you can provide the samples for the requests/responses.
        /// </summary>
        public static class HelpPageConfig
        {
            [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters",
                MessageId = "SpiderApi.Areas.HelpPage.TextSample.#ctor(System.String)",
                Justification = "End users may choose to merge this string with existing localized resources.")]
            [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly",
                MessageId = "bsonspec",
                Justification = "Part of a URI.")]
            public static void Register(HttpConfiguration config)
            {
                //// Uncomment the following to use the documentation from XML documentation file.
                //开启解析
                config.SetDocumentationProvider(new XmlDocumentationProvider(HttpContext.Current.Server.MapPath("~/Bin/SpiderApi.XML")));
     
                //// Uncomment the following to use "sample string" as the sample for all actions that have string as the body parameter or return type.
                //// Also, the string arrays will be used for IEnumerable<string>. The sample objects will be serialized into different media type 
                //// formats by the available formatters.
                //config.SetSampleObjects(new Dictionary<Type, object>
                //{
                //    {typeof(string), "sample string"},
                //    {typeof(IEnumerable<string>), new string[]{"sample 1", "sample 2"}}
                //});
                //添加映射
                config.SetSampleResponse(Sample.BatchSendMessageResponse(), new MediaTypeHeaderValue("text/json"), "MessageQueue", "BatchSendMessage");
                config.SetSampleResponse(Sample.BatchReceiveMessageResponse(), new MediaTypeHeaderValue("text/json"), "MessageQueue", "BatchReceiveMessage");
                config.SetSampleResponse(Sample.DeleteMessageResponse(), new MediaTypeHeaderValue("text/json"), "MessageQueue", "DeleteMessage");
                config.SetSampleResponse(Sample.BatchDeleteMessageResponse(), new MediaTypeHeaderValue("text/json"), "MessageQueue", "BatchDeleteMessage");
                config.SetSampleResponse(Sample.ChangeMessageVisibilityResponse(), new MediaTypeHeaderValue("text/json"), "MessageQueue", "ChangeMessageVisibility");
     
                // Extend the following to provide factories for types not handled automatically (those lacking parameterless
                // constructors) or for which you prefer to use non-default property values. Line below provides a fallback
                // since automatic handling will fail and GeneratePageResult handles only a single type.
    #if Handle_PageResultOfT
                config.GetHelpPageSampleGenerator().SampleObjectFactories.Add(GeneratePageResult);
    #endif
     
                // Extend the following to use a preset object directly as the sample for all actions that support a media
                // type, regardless of the body parameter or return type. The lines below avoid display of binary content.
                // The BsonMediaTypeFormatter (if available) is not used to serialize the TextSample object.
                config.SetSampleForMediaType(
                    new TextSample("Binary JSON content. See http://bsonspec.org for details."),
                    new MediaTypeHeaderValue("application/bson"));
     
                //// Uncomment the following to use "[0]=foo&[1]=bar" directly as the sample for all actions that support form URL encoded format
                //// and have IEnumerable<string> as the body parameter or return type.
                //config.SetSampleForType("[0]=foo&[1]=bar", new MediaTypeHeaderValue("application/x-www-form-urlencoded"), typeof(IEnumerable<string>));
     
                //// Uncomment the following to use "1234" directly as the request sample for media type "text/plain" on the controller named "Values"
                //// and action named "Put".
                //config.SetSampleRequest("1234", new MediaTypeHeaderValue("text/plain"), "Values", "Put");
     
                //// Uncomment the following to use the image on "../images/aspNetHome.png" directly as the response sample for media type "image/png"
                //// on the controller named "Values" and action named "Get" with parameter "id".
                //config.SetSampleResponse(new ImageSample("../images/aspNetHome.png"), new MediaTypeHeaderValue("image/png"), "Values", "Get", "id");
     
                //// Uncomment the following to correct the sample request when the action expects an HttpRequestMessage with ObjectContent<string>.
                //// The sample will be generated as if the controller named "Values" and action named "Get" were having string as the body parameter.
                //config.SetActualRequestType(typeof(string), "Values", "Get");
     
                //// Uncomment the following to correct the sample response when the action returns an HttpResponseMessage with ObjectContent<string>.
                //// The sample will be generated as if the controller named "Values" and action named "Post" were returning a string.
                //config.SetActualResponseType(typeof(string), "Values", "Post");
            }
     
    #if Handle_PageResultOfT
            private static object GeneratePageResult(HelpPageSampleGenerator sampleGenerator, Type type)
            {
                if (type.IsGenericType)
                {
                    Type openGenericType = type.GetGenericTypeDefinition();
                    if (openGenericType == typeof(PageResult<>))
                    {
                        // Get the T in PageResult<T>
                        Type[] typeParameters = type.GetGenericArguments();
                        Debug.Assert(typeParameters.Length == 1);
     
                        // Create an enumeration to pass as the first parameter to the PageResult<T> constuctor
                        Type itemsType = typeof(List<>).MakeGenericType(typeParameters);
                        object items = sampleGenerator.GetSampleObject(itemsType);
     
                        // Fill in the other information needed to invoke the PageResult<T> constuctor
                        Type[] parameterTypes = new Type[] { itemsType, typeof(Uri), typeof(long?), };
                        object[] parameters = new object[] { items, null, (long)ObjectGenerator.DefaultCollectionSize, };
     
                        // Call PageResult(IEnumerable<T> items, Uri nextPageLink, long? count) constructor
                        ConstructorInfo constructor = type.GetConstructor(parameterTypes);
                        return constructor.Invoke(parameters);
                    }
                }
     
                return null;
            }
    #endif
        }
    }
    /*
    API接口测试工具 - WebApiTestClient使用--Nuget引入组件 
    --A Simple Test Client for ASP.NET Web API
    */
    /*
    1、修改Api.cshtml文件
    通过上述步骤,就能将组件WebAPITestClient引入进来。下面我们只需要做一件事:打开文件 (根据 AreasHelpPageViewsHelp) Api.cshtml 并添加以下内容:
    @Html.DisplayForModel("TestClientDialogs")
    @Html.DisplayForModel("TestClientReferences")
    添加后Api.cshtml文件的代码如下
    */
     
     
    @using System.Web.Http
    @using WebApiTestClient.Areas.HelpPage.Models
    @model HelpPageApiModel
     
    @{
        var description = Model.ApiDescription;
        ViewBag.Title = description.HttpMethod.Method + " " + description.RelativePath;
    }
     
    <link type="text/css" href="~/Areas/HelpPage/HelpPage.css" rel="stylesheet" />
    <div id="body" class="help-page">
        <section class="featured">
            <div class="content-wrapper">
                <p>
                    @Html.ActionLink("Help Page Home", "Index")
                </p>
            </div>
        </section>
        <section class="content-wrapper main-content clear-fix">
            @Html.DisplayForModel()
        </section>
    </div>
     
    @Html.DisplayForModel("TestClientDialogs")
    @section Scripts{
        <link href="~/Areas/HelpPage/HelpPage.css" rel="stylesheet" />
        @Html.DisplayForModel("TestClientReferences")
    }

    源自:https://blog.csdn.net/smartsmile2012/article/details/52936011/

  • 相关阅读:
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车按键启动和蜂鸣器报警
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车指定花式动作
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车指定花式动作
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车指定花式动作
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车前后左右综合实验
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车前后左右综合实验
    ZYAR20A 亚克力2驱 蓝牙 298寻迹避障机器人 —— 小车前后左右综合实验
    asp中设置session过期时间方法总结
    asp中设置session过期时间方法总结
    ASP.NET关于Session_End触发与否的问题
  • 原文地址:https://www.cnblogs.com/youmingkuang/p/9942392.html
Copyright © 2020-2023  润新知