Asp.net web api 如何在net core web api中覆盖OnAuthorization?
早些时候,我在asp.net中实现了类似的功能Asp.net web api 如何在net core web api中覆盖OnAuthorization?,asp.net-web-api,asp.net-core,Asp.net Web Api,Asp.net Core,早些时候,我在asp.net中实现了类似的功能 public class Authentication : AuthorizationFilterAttribute { public override void OnAuthorization(HttpActionContext actionContext) { if (actionContext.Request.Headers.Authorization == null) {
public class Authentication : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = actionContext.Request
.CreateResponse(HttpStatusCode.Unauthorized);
} else
{
var authenticationToken = actionContext.Request.Headers
.Authorization.Parameter;
var decodedAuthenticationToken = Encoding.UTF8.GetString(
Convert.FromBase64String(authenticationToken));
var usernamePasswordArray = decodedAuthenticationToken.Split(':');
var username = usernamePasswordArray[0];
var password = usernamePasswordArray[1];
if (GetUsers.GetDatabaseUsers.CheckCredentials(username, password))
{// logic}
现在,这在NetCore中似乎不起作用,目标是读取授权头并对其进行反序列化,这样我就可以将其传递给我的数据库逻辑,类似这样
public static bool CheckCredentials(string username, string password)
{
try
{
var databaseConnection = new MySqlConnection(ConnectionString);
var queryCommand =
new MySqlCommand(
"SELECT COUNT(*) FROM users WHERE username LIKE @username AND password LIKE @password",
databaseConnection);// more code
然后在我的价值控制器中,我有这样的东西
[Authentication]
public HttpResponseMessage Get()
{
var returnData = string.Format("database model logic{0}",mydatabasehandler.sologic,
return Request.CreateResponse(HttpStatusCode.OK, returnData);
}
现在,这段代码可能很难看,但我希望它能让读者理解我想要实现的目标
其基本思想是,它将是我的桌面应用程序的API,仅与MySql数据库通信。如果我需要澄清什么,请告诉我
另外一个问题,当使用netcore时,我似乎根本无法让IntelliSense工作。是否有办法实现这一点,还是因为它是beta版而缺少它?您可以使用自定义中间件作为MVC过滤器来实现这一点。 这是在中宣布的(请参阅“中间件作为MVC过滤器”一节) 以下是基于您的示例的一些示例代码: 首先,创建自定义中间件来完成这项工作:
public class MyCustomAuthenticationMiddleware
{
private readonly RequestDelegate next;
public MyCustomAuthenticationMiddleware(RequestDelegate next)
{
this.next = next;
}
public async Task Invoke(HttpContext context)
{
string authoriztionHeader = context.Request.Headers["Authorization"];
if (authoriztionHeader != null && authoriztionHeader.StartsWith("Basic"))
{
var encodedUsernamePassword = authoriztionHeader.Substring("Basic ".Length).Trim();
var encoding = Encoding.GetEncoding("iso-8859-1");
var usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
var seperatorIndex = usernamePassword.IndexOf(':');
var username = usernamePassword.Substring(0, seperatorIndex);
var password = usernamePassword.Substring(seperatorIndex + 1);
if (GetUsers.GetDatabaseUsers.CheckCredentials(username, password))
{
// your additional logic here...
await this.next.Invoke(context);
}
else
{
context.Response.StatusCode = 401;
}
}
else
{
context.Response.StatusCode = 401;
}
}
}
public static class MyCustomAuthenticationMiddlewareExtensions
{
public static IApplicationBuilder UseMyCustomAuthentication(this IApplicationBuilder builder)
{
return builder.UseMiddleware<MyCustomAuthenticationMiddleware>();
}
}
最后,在操作方法上,添加过滤器:
[MiddlewareFilter(typeof(MyCustomAuthenticationMiddlewarePipeline))]
public HttpResponseMessage Get()
{
var returnData = DoSomeWork();
return this.Request.CreateResponse(HttpStatusCode.OK, returnData);
}
对于您的额外问题,请确保您了解所有内容的最新版本。我对intellisense没有任何问题。以下是我正在运行的版本:Visual Studio Enterprise 2015 Update 3(14.0.25431.01 Update 3),Microsoft.NET核心工具(扩展):14.1.21111.0,在命令行运行“dotnet”,它是1.1.0,“dotnet--version”建议返回1.0.0-preview2-1-003177,一个更好的方法是从这个基础上创建一个身份验证中间件。它可以基于头创建ClaimsPrincipal,授权可以基于头。在ASP.NET Core中,建议不要自定义AuthorizationAttribute。此外,关于intellisense问题,如果您运行的是ReSharper v10.x,则可能需要升级到具有.NET Core支持的最新版本。非常感谢,现在我有了一个基础,可以更好地理解它,而不是msdn文档。
[MiddlewareFilter(typeof(MyCustomAuthenticationMiddlewarePipeline))]
public HttpResponseMessage Get()
{
var returnData = DoSomeWork();
return this.Request.CreateResponse(HttpStatusCode.OK, returnData);
}