ASP.NET MVC: WebAPI (Calling and Authorization)

 

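Series index: ASP.NET MVC4 from Beginner to Mastery (series table of contents)

Microsoft already has Web Services and WCF, so why is there WebAPI as well?

Anyone who has used WCF knows how maddening it can be when something goes wrong in that pile of complex configuration files. It is also not very convenient to expose to different kinds of clients. WCF is undeniably powerful, but we often do not need such complex functionality: we only need simple create, read, update and delete operations called over HTTP or HTTPS. That is the need WebAPI was created to fill. So when should you consider using WebAPI?

Consider using Web API when you run into any of the following situations.

  • You need a web service but do not need SOAP
  • You need to build a non-SOAP-based HTTP service on top of an existing WCF service
  • You only want to publish some simple HTTP services and do not want the relatively complex WCF configuration
  • The published service may be accessed by bandwidth-constrained devices
  • You want an open-source framework that you can debug or customize yourself when it matters

If you are familiar with MVC, Web API will probably look very similar to MVC.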

Demo

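1. Create a new project, WebApi

2. Create the class Product

    public class Product
    {
        public int Id { get; set; }
        public string Name { get; set; }
        public string Category { get; set; }
        public decimal Price { get; set; }
    }

3. Create the controller Products. For the demonstration I do not connect to a database here; the fake data is built directly in code.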

    using System.Collections.Generic;
    using System.Linq;
    using System.Net.Http;
    using System.Web.Http;

    public class ProductsController : ApiController
    {
        // Fake in-memory data used in place of a database
        Product[] products = new Product[]
        {
            new Product { Id = 1, Name = "Tomato Soup", Category = "Groceries", Price = 1 },
            new Product { Id = 2, Name = "Yo-yo", Category = "Toys", Price = 3.75M },
            new Product { Id = 3, Name = "Hammer", Category = "Hardware", Price = 16.99M }
        };

        // GET api/products
        public IEnumerable<Product> GetAllProducts()
        {
            return products;
        }

        // GET api/products/{id}: returns 404 when no product has that id
        public IHttpActionResult GetProduct(int id)
        {
            var product = products.FirstOrDefault((p) => p.Id == id);
            if (product == null)
            {
                return NotFound();
            }
            return Ok(product);
        }
    }

4. Create Index.html to test calling the WebAPI, with the following code:

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
      <title>Product App</title>
    </head>
    <body>

      <div>
        <h2>All Products</h2>
        <ul id="products" />
      </div>
      <div>
        <h2>Search by ID</h2>
        <input type="text" id="prodId" size="5" />
        <input type="button" value="Search" onclick="find();" />
        <p id="product" />
      </div>

      <script src="https://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.3.min.js"></script>
      <script>
        var uri = 'api/products';

        $(document).ready(function () {
          $.getJSON(uri)
            .done(function (data) {
              $.each(data, function (key, item) {
                $('<li>', { text: formatItem(item) }).appendTo($('#products'));
              });
            });
        });

        function formatItem(item) {
          return item.Name + ': $' + item.Price;
        }

        function find() {
          var id = $('#prodId').val();
          $.getJSON(uri + '/' + id)
            .done(function (data) {
              $('#product').text(formatItem(data));
            })
            .fail(function (jqXHR, textStatus, err) {
              $('#product').text('Error: ' + err);
            });
        }
      </script>
    </body>
    </html>

The result of running it is as follows:

WebAPI authorization

1. Create the authorization filter class APIAuthorizeAttribute.cs

    /* ==============================================================================
     * Description: APIAuthorizeAttribute
     * Author: Zouqj
     * Created: 2015/11/3 11:37:45
     ==============================================================================*/
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net;
    using System.Net.Http;
    using System.Security.Principal;
    using System.Text;
    using System.Threading;
    using System.Web;
    using System.Web.Http.Filters;
    using Uuch.HP.WebAPI.Helper;

    namespace Uuch.HP.WebAPI.Filter
    {
        public class APIAuthorizeAttribute : AuthorizationFilterAttribute
        {
            public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
            {
                // If the user has already authenticated with forms authentication,
                // there is no need to do basic authentication again
                if (Thread.CurrentPrincipal.Identity.IsAuthenticated)
                {
                    return;
                }

                var authHeader = actionContext.Request.Headers.Authorization;

                if (authHeader != null)
                {
                    if (authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) &&
                        !String.IsNullOrWhiteSpace(authHeader.Parameter))
                    {
                        // null means the header was malformed; fall through to the 401 below
                        var credArray = GetCredentials(authHeader);
                        string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
                        //if (IsResourceOwner(userName, actionContext))
                        //{
                        // You can use WebSecurity or the ASP.NET membership provider to log in; for
                        // the sake of keeping the example simple, we used our own login functionality
                        if (credArray != null &&
                            APIAuthorizeInfoValidate.ValidateApi(credArray[0], credArray[1], ip))//Uuch.HPKjy.Core.Customs.APIAuthorizeInfo.GetModel(userName, key, ip) != null
                        {
                            var userName = credArray[0];
                            var currentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null);
                            Thread.CurrentPrincipal = currentPrincipal;
                            return;
                        }
                        //}
                    }
                }

                HandleUnauthorizedRequest(actionContext);
            }

            // Returns { userName, key }, or null when the header value cannot be parsed
            private string[] GetCredentials(System.Net.Http.Headers.AuthenticationHeaderValue authHeader)
            {
                try
                {
                    // Base64-encoded "userName:key" string
                    var rawCred = authHeader.Parameter;
                    // The client shown later encodes with UTF-8; the two agree only for ASCII credentials
                    var encoding = Encoding.GetEncoding("iso-8859-1");
                    var cred = encoding.GetString(Convert.FromBase64String(rawCred));

                    // Split on the first ':' only, so a key that itself contains ':' stays intact
                    var credArray = cred.Split(new[] { ':' }, 2);

                    return credArray.Length == 2 ? credArray : null;
                }
                catch (FormatException)
                {
                    // Not valid Base64: treat as missing credentials instead of failing with a 500
                    return null;
                }
            }

            private bool IsResourceOwner(string userName, System.Web.Http.Controllers.HttpActionContext actionContext)
            {
                var routeData = actionContext.Request.GetRouteData();
                var resourceUserName = routeData.Values["userName"] as string;

                if (resourceUserName == userName)
                {
                    return true;
                }
                return false;
            }

            private void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);

                actionContext.Response.Headers.Add("WWW-Authenticate",
                    "Basic Scheme='eLearning' location='http://localhost:8323/APITest'");
            }
        }
    }

2. Add the validation class APIAuthorizeInfoValidate.cs

    using Newtonsoft.Json;
    /* ==============================================================================
     * Description: APIAuthorizeInfoValidate
     * Author: Zouqj
     * Created: 2015/11/3 16:26:10
     ==============================================================================*/
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;

    namespace Uuch.HP.WebAPI.Helper
    {
        public class APIAuthorizeInfo
        {
            public string UserName { get; set; }
            public string Key { get; set; }
        }

        public class APIAuthorizeInfoValidate
        {
            // True only when the user name and key match a configured entry
            // and the caller's IP address is in the configured list
            public static bool ValidateApi(string username, string key, string ip)
            {
                var _APIAuthorizeInfo = JsonConvert.DeserializeObject<List<APIAuthorizeInfo>>(WebConfigHelper.ApiAuthorize);
                var ips = WebConfigHelper.IPs.Contains(",") ? WebConfigHelper.IPs.Split(',') : new string[] { WebConfigHelper.IPs };

                if (_APIAuthorizeInfo != null && _APIAuthorizeInfo.Count > 0)
                {
                    foreach (var v in _APIAuthorizeInfo)
                    {
                        if (v.UserName == username && v.Key == key && ips.Contains(ip))
                        {
                            return true;
                        }
                    }
                }
                return false;
            }
        }
    }

3. Add the filter to the global filters. Note that it must not be added to FilterConfig.cs but to WebApiConfig.cs, because FilterConfig is used by MVC and what we have here is WebAPI.

    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
            // Applies the authorization filter to every Web API controller
            config.Filters.Add(new APIAuthorizeAttribute());
        }
    }
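
An added example, not code from the original post or the Uuch.HP project: a stand-alone console program that makes the same user/key/IP decision as ValidateApi, but compares the values in fixed time and checks every configured account instead of returning at the first match. `ApiCredentialCheck`, `FixedTimeEquals` and the sample accounts and addresses are constructed for illustration, and the accounts are passed in directly instead of being read through WebConfigHelper.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class ApiCredentialCheck
{
    // Random per-process HMAC key. Comparing HMACs instead of the raw strings means
    // every comparison is over two 32-byte values, whatever length the caller sent.
    private static readonly byte[] MacKey = NewMacKey();

    private static byte[] NewMacKey()
    {
        var key = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        return key;
    }

    private static byte[] Mac(string value)
    {
        using (var hmac = new HMACSHA256(MacKey))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(value));
    }

    // XOR-accumulates all bytes, so the run time does not depend on where
    // the first differing byte is.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static bool Validate(IDictionary<string, string> accounts, ICollection<string> allowedIps,
                                string user, string key, string ip)
    {
        if (user == null || key == null || ip == null) return false;

        byte[] userMac = Mac(user), keyMac = Mac(key);
        bool match = false;
        foreach (var account in accounts)
        {
            // Non-short-circuit '&': both comparisons run for every account,
            // whether or not the user name matched.
            match |= FixedTimeEquals(Mac(account.Key), userMac)
                   & FixedTimeEquals(Mac(account.Value), keyMac);
        }
        // Exact string match against the allow-list, as in the post's ips.Contains(ip).
        return match & allowedIps.Contains(ip);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data standing in for the JSON account list and IP list in web.config.
        var accounts = new Dictionary<string, string>
        {
            { "partnerA", "sample-key-A" },
            { "partnerB", "sample:key:B" }
        };
        var allowedIps = new HashSet<string> { "192.0.2.10", "192.0.2.11" };

        Console.WriteLine("valid pair, allowed IP:  " + ApiCredentialCheck.Validate(accounts, allowedIps, "partnerA", "sample-key-A", "192.0.2.10"));
        Console.WriteLine("key containing ':':      " + ApiCredentialCheck.Validate(accounts, allowedIps, "partnerB", "sample:key:B", "192.0.2.11"));
        Console.WriteLine("wrong key:               " + ApiCredentialCheck.Validate(accounts, allowedIps, "partnerA", "sample-key-X", "192.0.2.10"));
        Console.WriteLine("another account's key:   " + ApiCredentialCheck.Validate(accounts, allowedIps, "partnerA", "sample:key:B", "192.0.2.10"));
        Console.WriteLine("valid pair, unlisted IP: " + ApiCredentialCheck.Validate(accounts, allowedIps, "partnerA", "sample-key-A", "198.51.100.7"));
        Console.WriteLine("missing key:             " + ApiCredentialCheck.Validate(accounts, allowedIps, "partnerA", null, "192.0.2.10"));
    }
}
```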

Calling WebAPI from C#

I have already wrapped up the classes used below, so they can be used directly.

1. Create a new WebAPI site, then create the controller RProducts

    public class RProductsController : ApiController
    {
        /// <summary>
        /// Callback endpoint for receipt records of filed products
        /// </summary>
        /// <param name="lst"></param>
        /// <returns></returns>
        public int Put(List<RProduct> lst)
        {
            return ReceiptInfo.UpdateReceiptProductInfo(lst);
        }
    }

2. Create the class WebApiClient.cs

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Net;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Text;
    using DBHelper.Entitys;

    namespace DBHelper
    {
        public static class WebApiClient<T>
        {
            // One HttpClient is shared by every call: creating a new client per request
            // and never disposing it leaks sockets under load.
            private static readonly HttpClient Client = CreateClient();

            static HttpClient CreateClient()
            {
                HttpClient client = new HttpClient();
                SetBasicAuthorization(client);
                return client;
            }

            static void SetBasicAuthorization(HttpClient client)
            {
                HttpRequestHeaders header = client.DefaultRequestHeaders;
                string user = ConfigHelper.UserName;
                string key = ConfigHelper.Key;
                Encoding encoding = Encoding.UTF8;
                // Add an Accept header for JSON format.
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                // Base64-encode "user:key". This is an encoding, not encryption,
                // so the URLs passed to the methods below should be https://.
                var data = Convert.ToBase64String(encoding.GetBytes(user + ":" + key));
                // Set the AuthenticationHeaderValue
                header.Authorization = new AuthenticationHeaderValue("Basic", data);
                // Alternative: through HttpRequestHeaders.Add
                //header.Add("Authorization", "Basic " + data);
            }

            public static List<T> GetAll(string url)
            {
                List<T> li = new List<T>();
                // List all items.
                HttpResponseMessage response = Client.GetAsync(url).Result; // Blocking call!
                if (response.IsSuccessStatusCode)
                {
                    // Parse the response body. Blocking!
                    li = response.Content.ReadAsAsync<List<T>>().Result;
                }
                else
                {
                    Console.WriteLine("{0} ({1})", (int)response.StatusCode, response.ReasonPhrase);
                }
                return li;
            }

            public static T GetByFilter(string url)
            {
                T entity = default(T);
                // Get the single item selected by the filter in the URL.
                HttpResponseMessage response = Client.GetAsync(url).Result; // Blocking call!
                if (response.IsSuccessStatusCode)
                {
                    // Parse the response body. Blocking!
                    entity = response.Content.ReadAsAsync<T>().Result;
                }
                return entity;
            }

            public static T Get(string url, string id)
            {
                T entity = default(T);
                // Get one item by id.
                HttpResponseMessage response = Client.GetAsync(string.Format("{0}/{1}", url, id)).Result; // Blocking call!
                if (response.IsSuccessStatusCode)
                {
                    // Parse the response body. Blocking!
                    entity = response.Content.ReadAsAsync<T>().Result;
                }
                return entity;
            }

            public static bool Edit(string url, List<int> value)
            {
                var response = Client.PutAsJsonAsync(url, value).Result;
                return response.IsSuccessStatusCode;
            }

            public static bool Edit(string url, Dictionary<int, string> dic)
            {
                var response = Client.PutAsJsonAsync(url, dic).Result;
                return response.IsSuccessStatusCode;
            }

            public static bool EditModel(string url, List<T> value)
            {
                var response = Client.PutAsJsonAsync(url, value).Result;
                return response.IsSuccessStatusCode;
            }

            public static List<TI> GetList<TI>(string url, List<int> value)
            {
                List<TI> list = new List<TI>();
                var response = Client.PostAsJsonAsync(url, value).Result;
                if (response.IsSuccessStatusCode)
                {
                    list = response.Content.ReadAsAsync<List<TI>>().Result;
                }
                return list;
            }
        }
    }

3. Create the class BaseEntity.cs

    using NHibernate;
    using NHibernate.Criterion;
    using System;
    using System.Collections.Generic;
    using System.Configuration;
    using System.Data.Common;
    using System.Linq;
    using System.Text;

    namespace DBHelper
    {
        public abstract class BaseEntity<T, TID> where T : BaseEntity<T, TID>
        {
            #region Properties
            /// <summary>
            /// Number
            /// </summary>
            public string V_PreInvtId { get; set; }
            /// <summary>
            /// Receipt status
            /// </summary>
            public int V_OpResult { get; set; }
            /// <summary>
            /// Operation time
            /// </summary>
            public DateTime D_optime { get; set; }
            /// <summary>
            /// Remarks
            /// </summary>
            public string V_NoteS { get; set; }
            #endregion
            public virtual TID ID { get; set; }

            #region
            /// <summary>
            /// Path of the session configuration file
            /// </summary>
            protected static readonly string SessionFactoryConfigPath = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "NHibernate.config");

            /// <summary>
            /// Returns the corresponding session.
            /// </summary>
            protected static ISession NHibernateSession
            {
                get
                {
                    return NHibernateSessionManager.Instance.GetSessionFrom(SessionFactoryConfigPath);
                }
            }
            #endregion

            #region common
            /// <summary>
            /// Gets an instance of type T from the database by ID
            /// </summary>
            public static T GetById(TID id, bool shouldLock)
            {
                T entity;

                if (shouldLock)
                {
                    entity = NHibernateSession.Get<T>(id, LockMode.Upgrade);
                }
                else
                {
                    entity = NHibernateSession.Get<T>(id);
                }

                return entity;
            }

            /// <summary>
            /// Gets an instance of type T from the database by ID
            /// </summary>
            public static T GetById(TID id)
            {
                return GetById(id, false);
            }

            /// <summary>
            /// Gets all objects of type T
            /// </summary>
            public static IList<T> GetAll()
            {
                return GetByCriteria();
            }

            /// <summary>
            /// Queries by the given <see cref="ICriterion" /> values.
            /// If no <see cref="ICriterion" /> is passed, the effect is the same as <see cref="GetAll" />.
            /// </summary>
            public static IList<T> GetByCriteria(params ICriterion[] criterion)
            {
                ICriteria criteria = NHibernateSession.CreateCriteria(typeof(T));

                foreach (ICriterion criterium in criterion)
                {
                    criteria.Add(criterium);
                }
                criteria.AddOrder(new Order("ID", false));
                return criteria.List<T>();
            }
            #endregion

            #region entity
            /// <summary>
            /// Finds objects by the property values of exampleInstance and returns the list of objects with the same values.
            /// Properties of exampleInstance whose value is 0 or NULL are not used as search conditions.
            /// </summary>
            /// <param name="exampleInstance">The reference object</param>
            /// <param name="propertiesToExclude">Names of the properties to exclude from the query conditions</param>
            /// <returns></returns>
            public virtual IList<T> GetByExample(T exampleInstance, params string[] propertiesToExclude)
            {
                ICriteria criteria = NHibernateSession.CreateCriteria(exampleInstance.GetType());
                Example example = Example.Create(exampleInstance);

                foreach (string propertyToExclude in propertiesToExclude)
                {
                    example.ExcludeProperty(propertyToExclude);
                }
                example.ExcludeNone();
                example.ExcludeNulls();
                example.ExcludeZeroes();
                criteria.Add(example);
                criteria.AddOrder(new Order("ID", false));
                return criteria.List<T>();
            }

            /// <summary>
            /// Uses <see cref="GetByExample"/> to return a unique result; throws an exception if the result is not unique
            /// </summary>
            /// <exception cref="NonUniqueResultException" />
            public virtual T GetUniqueByExample(T exampleInstance, params string[] propertiesToExclude)
            {
                IList<T> foundList = GetByExample(exampleInstance, propertiesToExclude);

                if (foundList.Count > 1)
                {
                    throw new NonUniqueResultException(foundList.Count);
                }

                if (foundList.Count > 0)
                {
                    return foundList[0];
                }
                else
                {
                    return default(T);
                }
            }

            // Saves the specified object to the database, commits immediately, and returns the updated ID
            // See http://www.hibernate.org/hib_docs/reference/en/html/mapping.html#mapping-declaration-id-assigned.
            //public virtual T Save()
            //{
            //    T entity = (T)this;
            //    NHibernateSession.Save(entity);
            //    NHibernateSession.Flush();
            //    return entity;
            //}

            // Saves or updates the specified object in the database and returns the updated ID
            //public virtual T Merge()
            //{
            //    T entity = (T)this;
            //    NHibernateSession.Merge<T>(entity);
            //    NHibernateSession.Flush();
            //    return entity;
            //}

            // Deletes the specified object from the database
            //public virtual void Delete()
            //{
            //    T entity = (T)this;
            //    NHibernateSession.Delete(entity);
            //    NHibernateSession.Flush();
            //}

            public virtual DbTransaction BeginTransaction()
            {
                ITransaction tran = NHibernateSession.BeginTransaction();// NHibernateSessionManager.Instance.BeginTransactionOn(SessionFactoryConfigPath);
                return new DbTransaction(tran);
            }

            /// <summary>
            /// Commits all transaction objects and flushes them to the database
            /// </summary>
            public virtual void CommitChanges()
            {
                if (NHibernateSessionManager.Instance.HasOpenTransactionOn(SessionFactoryConfigPath))
                {
                    NHibernateSessionManager.Instance.CommitTransactionOn(SessionFactoryConfigPath);
                }
                else
                {
                    // If not in transaction mode, call Flush directly to update
                    NHibernateSession.Flush();
                }
            }
            #endregion

            #region Fetching data through WebApi
            public static string Url
            {
                get
                {
                    // The API URL is read from appSettings, keyed by the entity type name
                    string url = System.Configuration.ConfigurationManager.AppSettings[typeof(T).Name];
                    if (string.IsNullOrEmpty(url))
                    {
                        // Message text: no URL is configured for "{0}"
                        throw new Exception(string.Format("“{0}”未包含URL配置", typeof(T).Name));
                    }
                    return url;
                }
            }

            public static List<T> GetAllBySource()
            {
                return WebApiClient<T>.GetAll(Url);
            }

            public static void EditBySource(List<int> value)
            {
                WebApiClient<T>.Edit(Url, value);
            }

            public static void EditBySource(Dictionary<int, string> dic)
            {
                WebApiClient<T>.Edit(Url, dic);
            }

            public static T GetOneBySource(string id)
            {
                return WebApiClient<T>.Get(Url, id);
            }

            public static void EditBySourceByModel(List<T> value)
            {
                WebApiClient<T>.EditModel(Url, value);
            }
            #endregion
        }

        public class DbTransaction : IDisposable
        {
            ITransaction _transaction;

            public DbTransaction(ITransaction transaction)
            {
                _transaction = transaction;
            }

            #region IDisposable members

            public void Dispose()
            {
                Dispose(true);
                GC.SuppressFinalize(this);
            }

            protected virtual void Dispose(bool disposing)
            {
                // The null check makes a second Dispose() call a no-op
                if (disposing && _transaction != null)
                {
                    _transaction.Dispose();
                    _transaction = null;
                }
            }

            #endregion

            #region ITransaction members

            public void Begin(System.Data.IsolationLevel isolationLevel)
            {
                _transaction.Begin(isolationLevel);
            }

            public void Begin()
            {
                _transaction.Begin();
            }

            public void Commit()
            {
                _transaction.Commit();
            }

            public void Enlist(System.Data.IDbCommand command)
            {
                _transaction.Enlist(command);
            }

            public bool IsActive
            {
                get { return _transaction.IsActive; }
            }

            public void RegisterSynchronization(NHibernate.Transaction.ISynchronization synchronization)
            {
                _transaction.RegisterSynchronization(synchronization);
            }

            public void Rollback()
            {
                _transaction.Rollback();
            }

            public bool WasCommitted
            {
                get { return _transaction.WasCommitted; }
            }

            public bool WasRolledBack
            {
                get { return _transaction.WasRolledBack; }
            }

            #endregion
        }
    }

4. Calling code:

    List<EProducts> list = DBHelper.Entitys.EProducts.GetAllBySource();

Before calling the WebAPI, remember to start the WebAPI site first.
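
An added example, not part of the original post or its DBHelper code: Basic credentials are only Base64-encoded, so this message handler attaches them only to HTTPS requests for one expected host and refuses anything else. `HttpsOnlyBasicAuthHandler`, `RecordingHandler`, the host api.example.test and the demo credentials are constructed; the stub transport lets the program run without a server.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler: adds the Basic header per request, and only when the
// request goes to the expected host over HTTPS.
public sealed class HttpsOnlyBasicAuthHandler : DelegatingHandler
{
    private readonly string _apiHost;
    private readonly AuthenticationHeaderValue _basic;

    public HttpsOnlyBasicAuthHandler(string apiHost, string user, string key, HttpMessageHandler inner)
        : base(inner)
    {
        _apiHost = apiHost;
        // Same "user:key" Base64 encoding as SetBasicAuthorization in the post.
        _basic = new AuthenticationHeaderValue(
            "Basic", Convert.ToBase64String(Encoding.UTF8.GetBytes(user + ":" + key)));
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        Uri uri = request.RequestUri;
        bool allowed = uri != null && uri.IsAbsoluteUri
            && uri.Scheme == Uri.UriSchemeHttps
            && string.Equals(uri.Host, _apiHost, StringComparison.OrdinalIgnoreCase);
        if (!allowed)
        {
            // Fail closed: the credentials never leave the process.
            throw new InvalidOperationException("Refusing to send Basic credentials to " + uri);
        }
        request.Headers.Authorization = _basic;
        return base.SendAsync(request, cancellationToken);
    }
}

// Stub transport so the example runs offline; it records what would have been sent.
public sealed class RecordingHandler : HttpMessageHandler
{
    public AuthenticationHeaderValue LastAuthorization { get; private set; }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        LastAuthorization = request.Headers.Authorization;
        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK));
    }
}

public static class Program
{
    public static void Main()
    {
        var transport = new RecordingHandler();
        // Constructed host and credentials; one client instance is reused for all calls.
        var client = new HttpClient(
            new HttpsOnlyBasicAuthHandler("api.example.test", "demoUser", "demoKey", transport));

        client.GetAsync("https://api.example.test/api/products").GetAwaiter().GetResult();
        Console.WriteLine("https request carried credentials: " + (transport.LastAuthorization != null));

        foreach (var url in new[] { "http://api.example.test/api/products",
                                    "https://other.example.test/api/products" })
        {
            try
            {
                client.GetAsync(url).GetAwaiter().GetResult();
                Console.WriteLine(url + " -> sent");
            }
            catch (InvalidOperationException ex)
            {
                Console.WriteLine(url + " -> " + ex.Message);
            }
        }
    }
}
```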

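Once the WebAPI site has been developed, we can use NuGet to install a plugin that generates the API documentation automatically; the plugin also supports testing the WebAPI online.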
