webapi添加basic认证

Posted .Neter

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了webapi添加basic认证相关的知识,希望对你有一定的参考价值。

 

BasicAbstractAuthorize:抽象类,子类中校验用户名密码,并创建Principal 

BasicAuthorize:实现类

    //base.OnAuthorization(),此方法内部,调用IsAuthorized()判断是否授权,如果未授权调用HandleUnauthorizedRequest()方法
    //base.IsAuthorized(),判断Principal、Identity是否为空,为空则未授权
    //base.HandleUnauthorizedRequest(),此方法内部创建Response,状态码401;
    //
    public abstract class BasicAbstractAuthorize : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {

            var authenticationHeader = actionContext.Request.Headers.Authorization;

            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0
                || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0)
            {//如果有AllowAnonymous特性,就不检查
                base.OnAuthorization(actionContext);
            }
            else
            {
                if (authenticationHeader != null && authenticationHeader.Scheme == "Basic" && !string.IsNullOrEmpty(authenticationHeader.Parameter))
                {
                    var userNameAndPassword = this.GetUserNameAndPassword(authenticationHeader.Parameter);
                    actionContext.RequestContext.Principal = this.Authenticate(userNameAndPassword.Item1, userNameAndPassword.Item2, actionContext);
                }
                if (actionContext.RequestContext.Principal == null)
                {
                    base.HandleUnauthorizedRequest(actionContext);
                }
            }

        }
        /// <summary>
        /// 校验用户名、密码
        /// </summary>
        /// <returns></returns>
        public abstract IPrincipal Authenticate(string userName, string password, HttpActionContext actionContext);
        /// <summary>
        /// 获取用户名、密码
        /// </summary>
        /// <param name="authenticationParameter"></param>
        /// <returns></returns>
        private Tuple<string, string> GetUserNameAndPassword(string authenticationParameter)
        {
            if (!string.IsNullOrWhiteSpace(authenticationParameter))
            {
                var data = Encoding.ASCII.GetString(Convert.FromBase64String(authenticationParameter)).Split(:);
                return new Tuple<string, string>(data[0], data[1]);
            }
            return null;
        }
    }

    public class BasicAuthorize : BasicAbstractAuthorize
    {
        public override IPrincipal Authenticate(string userName, string password, HttpActionContext actionContext)
        {
            //校验用户名、密码
            if (userName == "zhangsan" && password == "123")
            {
                ClaimsIdentity identity = new ClaimsIdentity(new List<Claim> {
                    new Claim("UserName",userName)
                });
                ClaimsPrincipal principal = new ClaimsPrincipal(identity);
                return principal;
            }
            return null;

        }
    }

 添加Filter

        public static void Register(HttpConfiguration config)
        {
            // Web API 配置和服务
            RegisterFilters(config.Filters);
        }
        public static void RegisterFilters(HttpFilterCollection filters)
        {
            filters.Add(new BasicAuthorize());
        }

以上是关于webapi添加basic认证的主要内容,如果未能解决你的问题,请参考以下文章

angularjs+webapi2 跨域Basic 认证授权

活学活用,webapi HTTPBasicAuthorize搭建小型云应用的实践

webApi 验证basic-authentication认证的资源的各种语言的实现

Web API 基于ASP.NET Identity的Basic Authentication

Basic认证方式访问url

Http Basic认证