2023年6月20日发(作者:)

WebApi用户身份验证(basic验证)

webapi用户身份验证:Form身份验证、Basic、window集成、摘要、OAuth

案例使用basic验证;BasicAuthorizeAttribute : AuthorizeAttribute。只要带有BasicAuthorizeAttribute特性的控制器或控制器api,都会在api执行前进行身份验证。

basic验证流程:在用户登录时记录票证Ticket(用户账号密码加密字符串),可存session中,也可以利用其他缓存技术存储,实现多服务器共享用户身份验证、跨域验证……浏览器客户端调用webapi时,需要在执行ajax请求时向Request Header设置 authorization: BasicAuth 票证Ticket(可封装js)。

(注意:示例通过GET查询字符串提交账号密码,并把明文密码写入票证的UserData,仅适合演示;实际使用时应通过HTTPS以POST提交凭据,票证中只保存用户标识。)

//模拟登录,记录票证Ticket
[HttpGet] [Route("api/Login")] [AllowAnonymous] public string Login(string account, string password) { if (("Admin") && ("123456")) { FormsAuthenticationTicket ticketObject = new FormsAuthenticationTicket(0, account, , rs(1), true, ("{0}&{1}", account, password), ookiePath); var result = new { Result = true, Ticket = t(ticketObject) }; return izeObject(result); } else { var result = new { Result = false }; return izeObject(result); } }

var ticket = "";//登陆后票证Ticket放在某个html里面,测试用,刷新页面将失效
//测试用户身份验证,有票证Ticket,可以验证通过
$("#btnGet3").on("click", function () { $.ajax({ url: '/api/ValuesGet/' + $("#txtId").val(), type: "get",

beforeSend: function (XHR) { //xhr XML Http Request
//发送ajax请求之前向http的head里面加入验证信息,所有需要用户身份验证的ajax都要带上,可以封装js实现
uestHeader('Authorization', 'BasicAuth ' + ticket); },

success: function (data) { alert(data); }, datatype: "json" }); });

后端在带有 [BasicAuthorizeAttribute] 特性的api被执行前会进行身份验证;[AllowAnonymous] 特性跳过身份验证。

basic验证特性 BasicAuthorizeAttribute

using System;using c;using ;using ;using ;using ty;namespace { ///

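/// <summary>
/// Authorization filter for the article's "basic" ticket scheme: every controller or action
/// carrying this attribute is checked before the action runs, unless it is marked
/// <c>[AllowAnonymous]</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the published listing lost the receiver/type prefix of several identifiers
/// (for example <c>tionContext</c>, <c>ization</c>, <c>ter</c>, <c>orized</c>). They are restored
/// here to the ASP.NET Web API and FormsAuthentication members those fragments match;
/// confirm against the real project before reuse.
/// </remarks>
public class BasicAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Validates the ticket carried in the Authorization header before the action executes.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        var authorization = actionContext.Request.Headers.Authorization;

        // [AllowAnonymous] on the action or on its controller skips the ticket check.
        bool allowsAnonymous =
            actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
            || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0;

        if (allowsAnonymous)
        {
            base.OnAuthorization(actionContext);
            return;
        }

        // Only the header parameter is inspected; the scheme ("BasicAuth" in the page's client
        // script) is not compared, so any scheme carrying a valid ticket is accepted.
        if (authorization != null
            && authorization.Parameter != null
            && ValidateTicket(authorization.Parameter))
        {
            // Authorized: leaving actionContext.Response unset lets the request continue.
            // The original called base.IsAuthorized(actionContext) here and discarded its
            // result, which had no effect. No principal is attached to the request, so
            // downstream code cannot read the caller's identity from the ticket.
            return;
        }

        // Missing header, missing parameter, or a ticket that failed validation.
        HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Answers an unauthenticated request with the framework's default 401 response.
    /// </summary>
    /// <param name="actionContext">Context of the rejected action.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // The original allocated an HttpResponseMessage(401) with "WWW-Authenticate: Basic",
        // never attached it (the throw was commented out) and never disposed it, so no
        // challenge header reached the client. The dead allocation is removed; the response
        // sent is unchanged. If a challenge is wanted, it should name the scheme the client
        // actually sends ("BasicAuth" on this page) rather than "Basic".
        base.HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Decrypts the ticket and compares its UserData with the demo credentials.
    /// </summary>
    /// <param name="encryptTicket">Encrypted ticket taken from the Authorization header.</param>
    /// <returns><c>true</c> only for a well-formed, unexpired ticket whose UserData matches.</returns>
    private bool ValidateTicket(string encryptTicket)
    {
        if (string.IsNullOrEmpty(encryptTicket))
        {
            return false;
        }

        // The header value is attacker-controlled: a malformed or tampered ticket must fail
        // closed instead of surfacing as an unhandled exception.
        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(encryptTicket);
        }
        catch (System.ArgumentException)
        {
            return false;
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            return false;
        }

        // Decrypt does not reject an expired ticket by itself, so the expiry is checked here.
        if (ticket == null || ticket.Expired)
        {
            return false;
        }

        // Demo only: credentials are hard-coded and the ticket carries the plaintext password.
        // As the author notes, UserData should be split and verified against the database;
        // preferably the ticket holds only a user identifier, never the password.
        return string.Equals(ticket.UserData, string.Format("{0}&{1}", "Admin", "123456"));
    }
}
}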

2023年6月20日发(作者:)

WebApi用户身份验证(basic验证)

webapi用户身份验证:Form身份验证、Basic、window集成、摘要、OAuth

案例使用basic验证;BasicAuthorizeAttribute : AuthorizeAttribute。只要带有BasicAuthorizeAttribute特性的控制器或控制器api,都会在api执行前进行身份验证。

basic验证流程:在用户登录时记录票证Ticket(用户账号密码加密字符串),可存session中,也可以利用其他缓存技术存储,实现多服务器共享用户身份验证、跨域验证……浏览器客户端调用webapi时,需要在执行ajax请求时向Request Header设置 authorization: BasicAuth 票证Ticket(可封装js)。

(注意:示例通过GET查询字符串提交账号密码,并把明文密码写入票证的UserData,仅适合演示;实际使用时应通过HTTPS以POST提交凭据,票证中只保存用户标识。)

//模拟登录,记录票证Ticket
[HttpGet] [Route("api/Login")] [AllowAnonymous] public string Login(string account, string password) { if (("Admin") && ("123456")) { FormsAuthenticationTicket ticketObject = new FormsAuthenticationTicket(0, account, , rs(1), true, ("{0}&{1}", account, password), ookiePath); var result = new { Result = true, Ticket = t(ticketObject) }; return izeObject(result); } else { var result = new { Result = false }; return izeObject(result); } }

var ticket = "";//登陆后票证Ticket放在某个html里面,测试用,刷新页面将失效
//测试用户身份验证,有票证Ticket,可以验证通过
$("#btnGet3").on("click", function () { $.ajax({ url: '/api/ValuesGet/' + $("#txtId").val(), type: "get",

beforeSend: function (XHR) { //xhr XML Http Request
//发送ajax请求之前向http的head里面加入验证信息,所有需要用户身份验证的ajax都要带上,可以封装js实现
uestHeader('Authorization', 'BasicAuth ' + ticket); },

success: function (data) { alert(data); }, datatype: "json" }); });

后端在带有 [BasicAuthorizeAttribute] 特性的api被执行前会进行身份验证;[AllowAnonymous] 特性跳过身份验证。

basic验证特性 BasicAuthorizeAttribute

using System;using c;using ;using ;using ;using ty;namespace { ///

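/// <summary>
/// Authorization filter for the article's "basic" ticket scheme: every controller or action
/// carrying this attribute is checked before the action runs, unless it is marked
/// <c>[AllowAnonymous]</c>.
/// </summary>
/// <remarks>
/// NOTE(review): the published listing lost the receiver/type prefix of several identifiers
/// (for example <c>tionContext</c>, <c>ization</c>, <c>ter</c>, <c>orized</c>). They are restored
/// here to the ASP.NET Web API and FormsAuthentication members those fragments match;
/// confirm against the real project before reuse.
/// </remarks>
public class BasicAuthorizeAttribute : AuthorizeAttribute
{
    /// <summary>
    /// Validates the ticket carried in the Authorization header before the action executes.
    /// </summary>
    /// <param name="actionContext">Context of the action about to run.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        var authorization = actionContext.Request.Headers.Authorization;

        // [AllowAnonymous] on the action or on its controller skips the ticket check.
        bool allowsAnonymous =
            actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
            || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0;

        if (allowsAnonymous)
        {
            base.OnAuthorization(actionContext);
            return;
        }

        // Only the header parameter is inspected; the scheme ("BasicAuth" in the page's client
        // script) is not compared, so any scheme carrying a valid ticket is accepted.
        if (authorization != null
            && authorization.Parameter != null
            && ValidateTicket(authorization.Parameter))
        {
            // Authorized: leaving actionContext.Response unset lets the request continue.
            // The original called base.IsAuthorized(actionContext) here and discarded its
            // result, which had no effect. No principal is attached to the request, so
            // downstream code cannot read the caller's identity from the ticket.
            return;
        }

        // Missing header, missing parameter, or a ticket that failed validation.
        HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Answers an unauthenticated request with the framework's default 401 response.
    /// </summary>
    /// <param name="actionContext">Context of the rejected action.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        // The original allocated an HttpResponseMessage(401) with "WWW-Authenticate: Basic",
        // never attached it (the throw was commented out) and never disposed it, so no
        // challenge header reached the client. The dead allocation is removed; the response
        // sent is unchanged. If a challenge is wanted, it should name the scheme the client
        // actually sends ("BasicAuth" on this page) rather than "Basic".
        base.HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Decrypts the ticket and compares its UserData with the demo credentials.
    /// </summary>
    /// <param name="encryptTicket">Encrypted ticket taken from the Authorization header.</param>
    /// <returns><c>true</c> only for a well-formed, unexpired ticket whose UserData matches.</returns>
    private bool ValidateTicket(string encryptTicket)
    {
        if (string.IsNullOrEmpty(encryptTicket))
        {
            return false;
        }

        // The header value is attacker-controlled: a malformed or tampered ticket must fail
        // closed instead of surfacing as an unhandled exception.
        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(encryptTicket);
        }
        catch (System.ArgumentException)
        {
            return false;
        }
        catch (System.Security.Cryptography.CryptographicException)
        {
            return false;
        }

        // Decrypt does not reject an expired ticket by itself, so the expiry is checked here.
        if (ticket == null || ticket.Expired)
        {
            return false;
        }

        // Demo only: credentials are hard-coded and the ticket carries the plaintext password.
        // As the author notes, UserData should be split and verified against the database;
        // preferably the ticket holds only a user identifier, never the password.
        return string.Equals(ticket.UserData, string.Format("{0}&{1}", "Admin", "123456"));
    }
}
}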