1、重写授权方法
using System;using System.Collections.Generic;using System.Linq;using System.Net;using System.Net.Http;using System.Net.Http.Headers;using System.Web;using System.Web.Http;using System.Web.Http.Controllers;using System.Web.Security;using WebAPI.Models;using WebAPI.Toolkit;namespace WebAPI.Filter{ /// /// 授权 /// public class RequestAuthorizeAttribute:AuthorizeAttribute { /// /// 重写授权方法,加入自定义的Ticket验证 /// /// public override void OnAuthorization(HttpActionContext actionContext) { var isActionAnonymous = actionContext.ActionDescriptor.GetCustomAttributes ().OfType ().Any(a => a is AllowAnonymousAttribute); var isControllerAnonymous = actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes ().OfType ().Any(a => a is AllowAnonymousAttribute); //如果控制器和动作上允许匿名访问 if (isControllerAnonymous || isActionAnonymous) { base.OnAuthorization(actionContext); } else { //从http请求的头里面获取身份验证信息,验证是否是请求发起方的ticket var headers = actionContext.Request.Headers; if ((headers.Authorization != null) && (headers.Authorization.Parameter != null)) { //解密用户ticket,并校验用户名密码是否匹配 if (ValidateTicket(headers)) { base.IsAuthorized(actionContext); } else { HandleUnauthorizedRequest(actionContext); } } else { HandleUnauthorizedRequest(actionContext); } } } /// /// 校验用户身份 /// /// 请求头 /// /// 重写授权失败响应 /// /// protected override void HandleUnauthorizedRequest(HttpActionContext actionContext) { base.HandleUnauthorizedRequest(actionContext); actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden, new ResultModel { Status = false, Data = null, ErrorMessage = "您没有权限访问资源" }); } }} 2、基类控制器添加授权特性
using Newtonsoft.Json;using System;using System.Collections.Generic;using System.Linq;using System.Net;using System.Net.Http;using System.Threading;using System.Threading.Tasks;using System.Web.Http;using System.Web.Http.Controllers;using WebAPI.Filter;using System.IO;using WebAPI.Models;using System.Text;using WebAPI.Toolkit;namespace WebAPI.Controllers{ /// /// 接口基类 /// [Result] [RequestAuthorize] public class BaseApiController : ApiController { /// /// 接口令牌 /// protected string _token; /// /// /// protected ApiClient _client; /// /// 接口配置 /// public List Apis { get { string path = string.Format("{0}/config.json", AppDomain.CurrentDomain.BaseDirectory); string result = ""; if (File.Exists(path)) { result = File.ReadAllText(path); } return JsonConvert.DeserializeObject >(result); } } /// /// 重写接口执行方法 /// /// 控制器上下文 /// /// ExecuteAsync(HttpControllerContext controllerContext,CancellationToken cancellationToken) { try { var header = controllerContext.Request.Headers; _token = header.GetValues("AppId").FirstOrDefault();//接口令牌 string baseAddress = Apis.FirstOrDefault(a => a.Id == _token).Url; _client = new ApiClient(baseAddress, _token, header); } catch { var response = new HttpResponseMessage(HttpStatusCode.OK); response.Content = new StringContent(JsonConvert.SerializeObject(new ResultModel() { ErrorMessage = "未经授权" }), Encoding.UTF8, "application/json"); var source = new TaskCompletionSource (); source.SetResult(response); return source.Task; } return base.ExecuteAsync(controllerContext, cancellationToken); } }}
3.登录
using AppViewModel;using AppViewModel.System;using System;using System.Collections.Generic;using System.Dynamic;using System.Linq;using System.Net;using System.Net.Http;using System.Web;using System.Web.Http;using System.Web.Security;using WebAPI.Models;using WebAPI.Toolkit;namespace WebAPI.Controllers.System{ /// /// 用户信息 /// public class UserController : BaseApiController { #region 登录 /// /// 登录 /// /// 登录实体 /// /// 获取用户岗位列表 /// /// private void GetUserPosts(UserViewModel userModel) { var postResult = _client.Get(string.Format("api/SysBasicPost/GetByUid?Uid={0}", userModel.Id)); if (postResult.Data == null) { return; } foreach (var item in postResult.Data) { userModel.UserPosts.Add(new PostViewModel() { Id = item.Id, Name = item.岗位名称 }); } } /// /// 获取用户模块列表 /// /// private void GetUserModules(UserViewModel userModel) { if (userModel.UserPosts.Count < 1 || userModel.UserPosts.Count > 1) { return; } //默认如果当前用户只有一个岗位就加载用户的模块列表 var result = _client.Get(string.Format("api/SysModule/Get?Gid={0}&Uid={1}&Pid={2}", userModel.OrgId, userModel.Id, userModel.UserPosts.FirstOrDefault().Id)); if (result.Data == null) { return; } var viewModels = new List (); foreach (var item in result.Data) { viewModels.Add(new ModuleViewModel() { Id = item.Id, PId = item.Pid, Name = item.别名, Url = item.默认入口页面, IconUrl = item.图标URL }); } userModel.UserModules = viewModels.Where(a => a.PId == null).ToList(); if (userModel.UserModules == null || userModel.UserModules.Count < 1) { return; } //包装模块列表 foreach (var item in userModel.UserModules) { item.Childs = viewModels.Where(a => a.PId == item.Id).ToList(); } } #endregion /// /// 获取用户列表 /// /// 机构Id、岗位Id /// GetUsers([FromBody]QueryBaseModel queryModel) { var result = _client.Get(string.Format("api/SysUser/GetByGidAndPid?Gid={0}&Pid={1}", queryModel.OrgId, queryModel.PostId)); if (result.Data==null) { return null; } var viewModels = new List (); foreach (var item in result.Data) { viewModels.Add(new UserViewModel(){ Id = item.Id, Name = item.真实姓名 }); } return viewModels; } /// /// 获取用户详情 /// /// 用户Id /// 登录参考基础认证的方式,但是为了和网上基础认证做区别没有对用户名和密码进行加密,而是针对用户名和用户名进行加密,加密的核心我认为是打破常规为原则。
如果某个接口不需要授权,则控制器或动作上方添加 [AllowAnonymous] 特性。
注意点:如果重写授权方法没有处理好匿名特性的逻辑,会导致不该认证的接口,打上匿名特性也照样走认证流程。