需要给网站开发对接 EMI 接口,因此曾考虑通过 Web API 传递参数。由于该方法不太安全,最终没有选用,这里仅记录其用法。注意:下文示例属于演示配置,其中跨域全部放行(CorsOptions.AllowAll)、口令只做 MD5 摘要等做法不适合直接用于生产环境。
1,创建 Web API 项目,打开 NuGet,搜索并安装以下包:
Microsoft.AspNet.WebApi.Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.AspNet.Identity.Owin
Microsoft.Owin.Cors
2,在项目根目录下创建 Startup.cs 文件
using System;
using System.Web.Http;
using Owin;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using SqlSugar.WebApi;
[assembly: OwinStartup(typeof(WebApi.Startup))]
namespace WebApi
{
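/// <summary>
/// OWIN startup class: registers the OAuth token endpoint, bearer-token
/// authentication, CORS and Web API on the pipeline.
/// </summary>
public class Startup
{
    /// <summary>
    /// Builds the OWIN pipeline for the application.
    /// </summary>
    /// <param name="app">Application builder supplied by the OWIN host.</param>
    public void Configuration(IAppBuilder app)
    {
        HttpConfiguration config = new HttpConfiguration();

        // OAuth middleware is registered before Web API, so it is added to the pipeline first.
        ConfigureOAuth(app);
        WebApiConfig.Register(config);

        // NOTE(review): AllowAll accepts cross-origin calls from every origin.
        // Restrict this to the known front-end origins before exposing the API
        // outside a test environment.
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    /// <summary>
    /// Registers the OAuth authorization server (token endpoint) and bearer-token authentication.
    /// </summary>
    /// <param name="app">Application builder supplied by the OWIN host.</param>
    public void ConfigureOAuth(IAppBuilder app)
    {
        OAuthAuthorizationServerOptions serverOptions = new OAuthAuthorizationServerOptions()
        {
#if DEBUG
            // Plain HTTP is accepted in debug builds only. Over HTTP the user name,
            // password and issued token travel in clear text, so release builds keep
            // the default (false) and require HTTPS for the token endpoint.
            AllowInsecureHttp = true,
#endif
            TokenEndpointPath = new PathString("/token"), // endpoint clients call to obtain a token
            // NOTE(review): one day is a long lifetime for a bearer token; anyone holding
            // the token can use it until it expires. Consider a shorter lifetime.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new SimpleAuthorizationServerProvider()
        };

        app.UseOAuthAuthorizationServer(serverOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}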
}
3,添加验证类 SimpleAuthorizationServerProvider
using System.Threading.Tasks;
using System.Security.Claims;
using Microsoft.Owin.Security.OAuth;
using System.Security.Cryptography;
using System.Text;
namespace WebApplication1
{
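/// <summary>
/// Token validation: OAuth authorization-server provider that handles the
/// resource-owner password grant for the token endpoint.
/// </summary>
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    /// <summary>
    /// Marks every client as validated; no client id or secret is checked.
    /// </summary>
    /// <param name="context">Client-authentication context for the token request.</param>
    /// <returns>A completed task.</returns>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // NOTE(review): any caller is treated as a valid client. If only known
        // applications should request tokens, check the client credentials here.
        context.Validated();
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Checks the submitted user name and password against the login service and,
    /// when they are accepted, issues an identity carrying the user name and role.
    /// </summary>
    /// <param name="context">Grant context carrying the submitted user name and password.</param>
    /// <returns>A completed task.</returns>
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // CORS header for the token response is added by hand.
        // NOTE(review): "*" allows every origin; narrow it together with the CORS policy in Startup.
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        // Missing credentials are rejected before anything is hashed or sent to the service.
        if (string.IsNullOrEmpty(context.UserName) || string.IsNullOrEmpty(context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }

        var ws = new localhost.Service();
        var md5Password = MD5Encrypt(context.Password);
        var user = ws.GetUserLogin(true, context.UserName, md5Password);

        // The login result must decide whether a token is issued; without this check
        // every request to the token endpoint would receive a valid token.
        // NOTE(review): the return type of GetUserLogin is not visible here. A null
        // check is assumed to mean "login failed"; adapt it to however the service
        // actually reports a failed login.
        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        // The password is deliberately not added as a claim: claims are serialized
        // into the issued token and exposed to code that reads the identity.
        identity.AddClaim(new Claim("role", "user"));
        context.Validated(identity);
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Returns the lowercase hexadecimal MD5 digest of a string encoded as gb2312.
    /// Despite the name this is a one-way hash, not encryption.
    /// </summary>
    /// <param name="password">String to hash.</param>
    /// <returns>32-character lowercase hexadecimal digest.</returns>
    public string MD5Encrypt(string password)
    {
        // NOTE(review): unsalted MD5 is not suitable for protecting passwords.
        // It is kept because the login service is called with this digest
        // (presumably it stores the same format); moving to a salted, slow
        // password hash requires changing the service as well.
        byte[] digest;
        using (MD5CryptoServiceProvider md5Hasher = new MD5CryptoServiceProvider())
        {
            digest = md5Hasher.ComputeHash(Encoding.GetEncoding("gb2312").GetBytes(password));
        }

        StringBuilder hex = new StringBuilder(digest.Length * 2);
        foreach (byte b in digest)
        {
            hex.Append(b.ToString("x2"));
        }
        return hex.ToString();
    }
}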
}
5,SimpleRefreshTokenProvider
using Microsoft.Owin.Security.Infrastructure;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace WebApplication1.OAuth
{
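/// <summary>
/// Refresh-token provider that keeps serialized tickets in a process-wide,
/// in-memory dictionary keyed by the refresh token.
/// </summary>
/// <remarks>
/// NOTE(review): the store is static and in memory, so tokens are lost when the
/// application restarts, are not shared between servers, and entries that are
/// never redeemed are never removed. The options shown in Startup on this page do
/// not set RefreshTokenProvider, so this class only takes effect once it is assigned there.
/// </remarks>
public class SimpleRefreshTokenProvider : AuthenticationTokenProvider
{
    private static readonly ConcurrentDictionary<string, string> _refreshTokens = new ConcurrentDictionary<string, string>();

    /// <summary>
    /// Creates a refresh token and stores the serialized ticket under it.
    /// </summary>
    /// <param name="context">Token-creation context holding the ticket to persist.</param>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        DateTime now = DateTime.UtcNow;
        context.Ticket.Properties.IssuedUtc = now;
        context.Ticket.Properties.ExpiresUtc = now.AddDays(60);

        // The token is the only secret protecting the stored ticket, so it comes
        // from a cryptographic random source rather than Guid.NewGuid(), which is
        // designed for uniqueness, not unpredictability.
        context.SetToken(NewTokenId());
        _refreshTokens[context.Token] = context.SerializeTicket();
    }

    /// <summary>
    /// Resolves a refresh token back to its ticket so that a new access token can be issued.
    /// </summary>
    /// <param name="context">Token-receive context carrying the presented refresh token.</param>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        // A missing token cannot match an entry; TryRemove would throw on a null key.
        if (string.IsNullOrEmpty(context.Token))
        {
            return;
        }

        // TryRemove makes each refresh token single-use: once redeemed it is gone.
        string value;
        if (_refreshTokens.TryRemove(context.Token, out value))
        {
            context.DeserializeTicket(value);
        }
    }

    /// <summary>
    /// Generates 32 random bytes and returns them as a lowercase hexadecimal string.
    /// </summary>
    private static string NewTokenId()
    {
        byte[] buffer = new byte[32];
        using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create())
        {
            rng.GetBytes(buffer);
        }
        return BitConverter.ToString(buffer).Replace("-", string.Empty).ToLowerInvariant();
    }
}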
}
6,创建控制器方法,在方法上面添加:[Authorize]
7,示例:控制器方法接收上传的文件并保存
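/// <summary>
/// Receives an Excel workbook posted in the form field "File" and saves it
/// under the application's Excels folder with a server-generated name.
/// </summary>
/// <returns>
/// 400 with a message when no file was posted or the extension is not .xlsx/.xls,
/// 500 when saving fails, otherwise 200.
/// </returns>
/// <remarks>
/// NOTE(review): assumes the enclosing controller derives from ApiController
/// (BadRequest/Ok/InternalServerError); the class declaration is not shown.
/// </remarks>
[Authorize]
public IHttpActionResult Import()
{
    // Excel workbook submitted with the form.
    var file = HttpContext.Current.Request.Files["File"];

    // Files["File"] is null when the form carries no such field.
    if (file == null || string.IsNullOrWhiteSpace(file.FileName))
    {
        return BadRequest("导入数据失败,请在表单中选中要导入excel数据表!");
    }

    // Allow-list of extensions, compared without regard to case or culture.
    // NOTE(review): only the extension is checked; the content is not verified to
    // be an Excel workbook and no size limit is applied here.
    string extName = Path.GetExtension(file.FileName);
    bool allowed = string.Equals(extName, ".XLSX", StringComparison.OrdinalIgnoreCase)
                || string.Equals(extName, ".XLS", StringComparison.OrdinalIgnoreCase);
    if (!allowed)
    {
        return BadRequest("数据导入失败,文件格式不符合标准,请选择后缀名为:.xlsx,.xls类型文件!");
    }

    // The stored name is generated on the server; the client-supplied name is used
    // only for its extension, so it cannot influence where the file is written.
    // NOTE(review): the folder sits under the application root, so saved files may be
    // reachable by URL; consider a location outside the web root.
    string directory = HttpContext.Current.Server.MapPath("~/" + "Excels/");
    string fullPath = Path.Combine(directory, Guid.NewGuid().ToString() + extName);

    try
    {
        // No-op when the directory already exists.
        Directory.CreateDirectory(directory);
        file.SaveAs(fullPath);
        // Reading the saved workbook and importing it into the database would
        // follow here; that step is not part of this snippet.
    }
    catch (Exception)
    {
        // NOTE(review): log the exception here; no logger is visible in this snippet.
        // Best-effort removal of a partially written file. The path is computed
        // before the save, so the delete targets the file, not the folder.
        try
        {
            File.Delete(fullPath);
        }
        catch (IOException)
        {
            // Cleanup is best-effort; the request already failed.
        }
        catch (UnauthorizedAccessException)
        {
            // Cleanup is best-effort; the request already failed.
        }
        return InternalServerError();
    }
    finally
    {
        // Release the upload stream whether or not the save succeeded.
        file.InputStream.Dispose();
    }

    return Ok();
}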
8,服务端调用
// Posts a local Excel file to the import endpoint as multipart form data and
// prints the response body.
using (HttpClient client = new HttpClient())
{
    var form = new MultipartFormDataContent();

    // A plain string field could be added the same way, e.g. a StringContent part named "qq".

    // Local file to upload (the original author's sample path).
    string localFile = @"C:\Users\CNRODAI2XX\Desktop\1E91A410.xls";
    byte[] fileBytes = System.IO.File.ReadAllBytes(localFile);

    // File part: form field "file", file name "1E91A410.xls".
    form.Add(new ByteArrayContent(fileBytes), "file", "1E91A410.xls");

    client.DefaultRequestHeaders.Add("a", "1");
    client.DefaultRequestHeaders.Add("b", "2");

    // NOTE(review): the Import action is marked [Authorize] and this request carries
    // no Authorization header. A token obtained from the /token endpoint would be attached with
    //   client.DefaultRequestHeaders.Authorization =
    //       new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
    // where accessToken is a placeholder for the issued token.
    // NOTE(review): plain http is acceptable for localhost testing only; over http the
    // token and the file travel in clear text.
    var endpoint = "http://localhost:57711/api/excel/import";

    // .Result blocks the calling thread; prefer await where the caller can be async.
    var response = client.PostAsync(endpoint, form).Result;
    var responseBody = response.Content.ReadAsStringAsync().Result;
    Console.WriteLine(responseBody);
}