建立新FilterAttribute继承AuthorizationFilterAttribute,覆写OnAuthorization拦截传入的HttpActionContext内容判断是否有传入指定的资料
public override void OnAuthorization(HttpActionContext filterContext)
{
var identity = FetchAuthHeader(filterContext); //取得資料內容
if (identity == null)
{
ChallengeAuthRequest(filterContext); //回傳錯誤訊息
return;
}
var genericPrincipal = new GenericPrincipal(identity, null);
//針對目前連線的使用者做授權
Thread.CurrentPrincipal = genericPrincipal;
if (!OnAuthorizeUser(identity.Name, identity.Password, filterContext)) //驗證
{
ChallengeAuthRequest(filterContext);
return;
}
base.OnAuthorization(filterContext);
}
解析HttpActionContext内容取得指定的资料
protected virtual BasicAuthenticationIdentity FetchAuthHeader(HttpActionContext filterContext)
{
string customer = "";
string pwd = "";
IEnumerable<string> authRequest = filterContext.Request.Headers.GetValues("指定的資料名稱");
IEnumerable<string> authRequest2 = filterContext.Request.Headers.GetValues("指定的資料名稱2");
try
{
customer = authRequest.FirstOrDefault();
pwd = authRequest2.FirstOrDefault();
}
catch { }
return new BasicAuthenticationIdentity(customer, pwd);
}
验证解析出来的资料是否符合需求
protected override bool OnAuthorizeUser(string username, string password, HttpActionContext actionContext)
{
if (username == "驗證資料" && password == "驗證碼")
return true;
return false;
}
建立验证失败时要回传的讯息
private static void ChallengeAuthRequest(HttpActionContext filterContext)
{
var dnsHost = filterContext.Request.RequestUri.DnsSafeHost;
filterContext.Response = filterContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
filterContext.Response.Headers.Add("WWW-Authenticate", string.Format("validate failed", dnsHost));
}
于WebApiConfig.cs中注册新增的Filter
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
GlobalConfiguration.Configuration.Filters.Add(new WebApi.Filters.ApiAuthenticationFilter());
}
}
最后在需要验证的API加上该Filter即可
[WebApi.Filters.ApiAuthenticationFilter]
public object QueryApi(string pInput)
{
return null;
}
转载自:AlenWu的程式学习笔记