Asp.net mvc 4 带有WebForms的ASP.NET MVC API
我正在尝试创建一个ASP.NET MVC API授权过滤器,原因是我希望我的API同时使用会话登录和API密钥 因此,如果HttpContext.Current.User.Identity.IsAuthenticated为true,则什么也不做。如果没有,请查找参数API密钥,并仅验证它和该请求的用户。 我尝试了以下操作,但当我开始执行该操作时,调用的是Asp.net mvc 4 带有WebForms的ASP.NET MVC API,asp.net-mvc-4,asp.net-web-api,Asp.net Mvc 4,Asp.net Web Api,我正在尝试创建一个ASP.NET MVC API授权过滤器,原因是我希望我的API同时使用会话登录和API密钥 因此,如果HttpContext.Current.User.Identity.IsAuthenticated为true,则什么也不做。如果没有,请查找参数API密钥,并仅验证它和该请求的用户。 我尝试了以下操作,但当我开始执行该操作时,调用的是HttpContext.Current.User.Identity.Name仅为空,而IsAuthenticated为false 公共类MyAc
HttpContext.Current.User.Identity.Name
仅为空,而IsAuthenticated
为false
公共类MyAccessFilter:ActionFilterAttribute,IAuthorizationFilter
{
私有数据库实体数据库
public MyAccessFilter()
{
database = new DatabaseEntities();
}
public Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken,
Func<Task<HttpResponseMessage>> continuation)
{
// If the users is already authed is this a local call, user id should be set
if (HttpContext.Current.User.Identity.IsAuthenticated)
return continuation();
// Find the api key and log in with it
IEnumerable<string> apiKeyHeader;
if (!actionContext.Request.Headers.TryGetValues("apikey", out apiKeyHeader))
return failed();
if(apiKeyHeader.Count() != 1)
return failed();
string key = apiKeyHeader.First();
//var key = actionContext.ControllerContext.RouteData.Values["apikey"] as string;
if (String.IsNullOrWhiteSpace(key))
return failed();
var userid = (from f in database.Users where f.ApiKey == key select f.Id).FirstOrDefault();
if (userid == 0)
{
return failed();
}
var usernameClaim = new Claim(ClaimTypes.Name, userid.ToString());
var identity = new ClaimsIdentity(new[] { usernameClaim }, "ApiKey");
var principal = new ClaimsPrincipal(identity);
Thread.CurrentPrincipal = principal;
return continuation();
}
private Task<HttpResponseMessage> failed()
{
TaskCompletionSource<HttpResponseMessage> tcs = new TaskCompletionSource<HttpResponseMessage>();
tcs.SetResult(new HttpResponseMessage(HttpStatusCode.Unauthorized));
return tcs.Task;
}
public MyAccessFilter()
{
数据库=新数据库实体();
}
公共任务ExecuteAuthorizationFilterAsync(HttpActionContext actionContext,CancellationToken CancellationToken,
Func(续)
{
//如果用户已经过身份验证,这是本地呼叫,则应设置用户id
if(HttpContext.Current.User.Identity.IsAuthenticated)
返回continuation();
//找到api密钥并使用它登录
IEnumerable apiKeyHeader;
if(!actionContext.Request.Headers.TryGetValues(“apikey”,out-apiKeyHeader))
返回失败();
if(apiKeyHeader.Count()!=1)
返回失败();
string key=apiKeyHeader.First();
//var key=actionContext.ControllerContext.RoutedData.Values[“apikey”]作为字符串;
if(String.IsNullOrWhiteSpace(key))
返回失败();
var userid=(来自数据库中的f.Users,其中f.ApiKey==键选择f.Id);
if(userid==0)
{
返回失败();
}
var usernameClaim=newclaim(ClaimTypes.Name,userid.ToString());
var identity=newclaimsidentity(new[]{usernameClaim},“ApiKey”);
var principal=新的ClaimsPrincipal(身份);
Thread.CurrentPrincipal=主体;
返回continuation();
}
私有任务失败()
{
TaskCompletionSource tcs=新的TaskCompletionSource();
tcs.SetResult(新的HttpResponseMessage(HttpStatusCode.Unauthorized));
返回tcs.Task;
}
}从
AuthorizeAttribute
派生它并实现授权方法。寻找