webapi里的特性
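/// <summary>
/// Web API authorization filter that accepts an encrypted Forms-authentication ticket
/// carried in the parameter of the HTTP <c>Authorization</c> header.
/// </summary>
/// <remarks>
/// NOTE(review): only the header parameter is inspected; the scheme is never checked
/// (the client code on this page sends the scheme "BasicAuth"). No principal is attached
/// to the request on success, so downstream code cannot tell which user the ticket
/// belongs to - confirm this is acceptable for the callers.
/// </remarks>
public class BasicAuthorizeAttibute : AuthorizeAttribute
{
    /// <summary>
    /// Lets the request through when the action or controller is marked
    /// <see cref="AllowAnonymousAttribute"/> or when the Authorization header carries a
    /// valid, unexpired ticket; otherwise answers via <c>HandleUnauthorizedRequest</c>.
    /// </summary>
    /// <param name="actionContext">Context of the action being authorized.</param>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Parsed value of the HTTP Authorization header (scheme + parameter).
        var authorization = actionContext.Request.Headers.Authorization;

        // The lookup must be restricted to [AllowAnonymous]: ActionDescriptor covers the
        // method, ControllerDescriptor covers the class. Without the type argument any
        // attribute at all would count as "anonymous allowed".
        bool allowsAnonymous =
            actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
            || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0;

        if (allowsAnonymous)
        {
            // Delegate to the stock implementation for anonymous endpoints.
            base.OnAuthorization(actionContext);
            return;
        }

        if (authorization != null
            && authorization.Parameter != null
            && ValidateTicket(authorization.Parameter))
        {
            // Valid ticket: return without setting a response so the action runs.
            // (The original called base.IsAuthorized here and discarded the result.)
            return;
        }

        // Missing header, missing parameter, or a ticket that failed validation.
        this.HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Decrypts the ticket and checks that it is unexpired and carries the expected user data.
    /// </summary>
    /// <param name="encryptTicket">Encrypted ticket string taken from the Authorization header.</param>
    /// <returns><c>true</c> when the ticket decrypts, has not expired and matches; otherwise <c>false</c>.</returns>
    private bool ValidateTicket(string encryptTicket)
    {
        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(encryptTicket);
        }
        catch (System.Exception)
        {
            // Fail closed: a malformed or tampered value must produce a 401 from the
            // caller, not an unhandled exception (and a 500) out of the filter.
            return false;
        }

        // Enforce the lifetime written into the ticket at login; the original compared
        // only UserData, so an expired ticket was accepted indefinitely.
        if (ticket == null || ticket.Expired)
        {
            return false;
        }

        // NOTE(review): demo credentials are hard-coded and the ticket's UserData holds
        // "account&password" in the clear once decrypted. For real use, keep only a user
        // identifier in the ticket and verify credentials against a store of salted
        // password hashes at login time.
        return string.Equals(ticket.UserData, string.Format("{0}&{1}", "admin", "123"));
    }
}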
获取ticket
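/// <summary>
/// Checks the supplied credentials and, on success, returns a user object carrying an
/// encrypted Forms-authentication ticket valid for one hour.
/// </summary>
/// <param name="account">Account name supplied by the caller.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>The success response with the ticket, or a failure message response.</returns>
/// <remarks>
/// NOTE(review): because this is an [HttpGet] action with simple-type parameters, the
/// password travels in the query string, where it is typically recorded in server and
/// proxy logs and browser history. Moving the credentials to a POST body over TLS would
/// change the route contract, so it is flagged here rather than changed.
/// </remarks>
[AllowAnonymous]
[HttpGet]
public HttpResponseMessage Login(string account, string password)
{
    // NOTE(review): hard-coded demo credentials; replace with a lookup against salted
    // password hashes before any real deployment.
    if (account != "admin" || password != "123")
    {
        return Msg("登录失败");
    }

    // Take the clock once so the issue time and expiry are derived from the same instant.
    DateTime issuedAt = DateTime.Now;

    // NOTE(review): UserData embeds the clear-text password ("account&password"), and
    // the ticket is persistent. The validation filter compares against this exact
    // format, so both sides must change together if the password is dropped from it.
    FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
        0,
        account,
        issuedAt,
        issuedAt.AddHours(1),
        true,
        string.Format("{0}&{1}", account, password),
        FormsAuthentication.FormsCookiePath);

    // NOTE(review): the response echoes the password back in `pass`; callers only need
    // the ticket. Kept for compatibility with existing consumers of this response.
    return Success(new User()
    {
        name = account,
        pass = password,
        ticket = FormsAuthentication.Encrypt(ticket)
    });
}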
MVC里面请求头(后台请求)
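/// <summary>
/// Calls the Web API from the MVC back end, attaching the cached ticket as the
/// Authorization header.
/// </summary>
/// <param name="method">API method to request; passed through to <c>RequestApi</c>.</param>
/// <param name="queryString">Query string to send; passed through to <c>RequestApi</c>.</param>
/// <returns>The value returned by <c>ApiHelper.Instance.RequestApi</c>.</returns>
public string GetApi(string method, string queryString)
{
    return ApiHelper.Instance.RequestApi(method, queryString, GetApiHeader());
}

/// <summary>
/// Builds the request headers: an Authorization header of the form "BasicAuth {ticket}",
/// with the ticket read from the cache.
/// </summary>
/// <returns>A header collection containing only the Authorization header.</returns>
private WebHeaderCollection GetApiHeader()
{
    // Use the key as-is. Passing it through string.Format with no arguments adds nothing
    // and throws FormatException if the key ever contains '{' or '}'.
    // NOTE(review): the key looks global rather than per-user; if several users share
    // this process they would share one cached ticket - confirm against CacheHelper usage.
    string key = GlobalVar.UserTiketCacheKey;
    var cachedTicket = CacheHelper.CacheReader(key);

    // NOTE(review): when nothing is cached the header value is just "BasicAuth " with no
    // parameter, which the API-side filter on this page answers as unauthorized.
    WebHeaderCollection header = new WebHeaderCollection();
    header.Add(HttpRequestHeader.Authorization, "BasicAuth " + cachedTicket);
    return header;
}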