在 ASP.NET Web API 中授权用户时如何返回值?我尝试在 Authorize 属性中重写 OnAuthorization,但该方法的返回类型是“void”,所以无法返回任何值;还是应该把需要的值作为响应标头附加到响应中?
这是我想要实现的目标:
- 用户传递 api 密钥和共享密钥
- 当用户被授权时,自定义属性会返回用户的Id和Name
- Id 将作为参数传递给 REST 方法
在 ASP.NET Web API 中授权用户时如何返回值?我尝试在 Authorize 属性中重写 OnAuthorization,但该方法的返回类型是“void”,所以无法返回任何值;还是应该把需要的值作为响应标头附加到响应中?
这是我想要实现的目标:
此代码示例可能会对您有所帮助。
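/// <summary>
/// Property key under which the authenticated <see cref="User"/> is stored on the current request
/// (constructed name; read it back in a controller with <c>Request.Properties[AuthenticatedUserPropertyKey]</c>).
/// </summary>
public const string AuthenticatedUserPropertyKey = "AuthenticatedUser";

/// <summary>
/// Authenticates the caller from the <c>email</c> and <c>authenticationToken</c> request headers and,
/// when both check out, hands the resolved <see cref="User"/> to the controller action through
/// <c>actionContext.Request.Properties</c>.
/// </summary>
/// <param name="actionContext">The Web API action context of the request being authorized.</param>
/// <remarks>
/// Failures short-circuit the pipeline by assigning <c>actionContext.Response</c>
/// (412 when a header or the user is missing, 403 when the user is not authenticated or the token
/// does not match). On success <c>actionContext.Response</c> is deliberately left <c>null</c>:
/// a non-null response from an authorization filter would end the request before the action runs.
/// Headers are attached to the returned <c>HttpResponseMessage</c> rather than
/// <c>HttpContext.Current</c>, which is <c>null</c> outside IIS hosting.
/// </remarks>
public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
{
    // NOTE(review): if this attribute derives from AuthorizeAttribute, the base call may itself
    // produce a 401 response based on the thread principal; the call is kept for behavioural parity.
    base.OnAuthorization(actionContext);

    IManageUsers manageUser = new ManageUsers();

    // HttpHeaders.GetValues throws InvalidOperationException when the header is absent, so a
    // "!= null" test on its result can never fire; TryGetValues is the non-throwing lookup.
    string email;
    if (!TryGetHeaderValue(actionContext, "email", out email))
    {
        actionContext.Response = CreateErrorResponse(actionContext, HttpStatusCode.PreconditionFailed, "Please provide email address");
        return;
    }

    string authenticationToken;
    if (!TryGetHeaderValue(actionContext, "authenticationToken", out authenticationToken))
    {
        actionContext.Response = CreateErrorResponse(actionContext, HttpStatusCode.PreconditionFailed, "Please provide authentication token");
        return;
    }

    User user = manageUser.GetByEmail(email);
    if (user == null)
    {
        actionContext.Response = CreateErrorResponse(actionContext, HttpStatusCode.PreconditionFailed, "Email does not exist");
        return;
    }

    // Authentication state must be confirmed before any token material is derived.
    if (user.AuthenticationStatus != AuthenticationStatus.Authenticated)
    {
        var notAuthenticated = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
        notAuthenticated.Headers.Add("AuthenticationStatus", "NotAuthenticated");
        actionContext.Response = notAuthenticated;
        return;
    }

    // The persisted token is encrypted with the user's own key/IV and compared with the presented one.
    // The comparison is length-then-XOR so timing does not reveal how many leading characters matched.
    string expectedToken = manageUser.EncryptAuthenticationTokenAes(user.AuthorizationToken, user.Key, user.IV);
    if (!FixedTimeEquals(authenticationToken, expectedToken))
    {
        // The submitted e-mail and token are intentionally not echoed back in headers:
        // response headers are routinely logged by proxies and the token is a credential.
        var notAuthorized = CreateErrorResponse(actionContext, HttpStatusCode.Forbidden, "Invalid token");
        notAuthorized.Headers.Add("AuthenticationStatus", "NotAuthorized");
        actionContext.Response = notAuthorized;
        return;
    }

    // Success: leave actionContext.Response null so the action executes, and expose the user to it.
    actionContext.Request.Properties[AuthenticatedUserPropertyKey] = user;
}

/// <summary>
/// Reads the first value of a request header without throwing when it is missing.
/// </summary>
/// <param name="actionContext">Action context whose request headers are inspected.</param>
/// <param name="name">Header name.</param>
/// <param name="value">First header value, or <c>null</c> when absent or empty.</param>
/// <returns><c>true</c> when the header is present with a non-empty first value.</returns>
private static bool TryGetHeaderValue(System.Web.Http.Controllers.HttpActionContext actionContext, string name, out string value)
{
    value = null;
    System.Collections.Generic.IEnumerable<string> values;
    if (!actionContext.Request.Headers.TryGetValues(name, out values))
    {
        return false;
    }

    value = values.FirstOrDefault();
    return !string.IsNullOrEmpty(value);
}

/// <summary>
/// Builds a response with the given status and an <c>ErrorMessage</c> header, attached to the
/// Web API response object rather than <c>HttpContext.Current</c>.
/// </summary>
/// <param name="actionContext">Action context used to create the response for the current request.</param>
/// <param name="status">HTTP status code of the response.</param>
/// <param name="message">Human-readable error text placed in the <c>ErrorMessage</c> header.</param>
/// <returns>The created response; the caller assigns it to <c>actionContext.Response</c>.</returns>
private static System.Net.Http.HttpResponseMessage CreateErrorResponse(System.Web.Http.Controllers.HttpActionContext actionContext, HttpStatusCode status, string message)
{
    var response = actionContext.Request.CreateResponse(status);
    response.Headers.Add("ErrorMessage", message);
    return response;
}

/// <summary>
/// Compares two strings in time that depends only on their length, not on where they first differ.
/// (On .NET Core, <c>CryptographicOperations.FixedTimeEquals</c> provides this for byte spans;
/// this System.Web code base targets .NET Framework, hence the local implementation.)
/// </summary>
/// <param name="a">First string; may be <c>null</c>.</param>
/// <param name="b">Second string; may be <c>null</c>.</param>
/// <returns><c>true</c> when both are <c>null</c> or character-for-character equal.</returns>
private static bool FixedTimeEquals(string a, string b)
{
    if (a == null || b == null)
    {
        return a == null && b == null;
    }

    if (a.Length != b.Length)
    {
        return false;
    }

    // Accumulate every difference instead of returning on the first mismatch.
    int diff = 0;
    for (int i = 0; i < a.Length; i++)
    {
        diff |= a[i] ^ b[i];
    }

    return diff == 0;
}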