
我们正在考虑将现有的成员资格提供程序修改为 Web 服务以允许远程身份验证。比如说,Windows 8 应用程序将能够接受登录凭据并在我们服务器上的数据库中检查它。

- -更新 - -

我们在 asp.net 网站上查看了视频(Authorization),但发现它仍然使用传统的控制器来执行身份验证/授权任务。视频仅显示我们可以使用 [Authorize] 属性。有没有办法使用 ApiController,使身份验证可以公开为 Web 服务以供另一个应用程序使用?

---我的更新结束---

我一直在尝试找到一些示例代码/项目,但到目前为止还没有找到。任何人都可以提出解决方案吗?

谢谢。


1 回答 1


以下是我通过 WebAPI 进行身份验证的方式——它使用 Forms Auth 和 SimpleMembershipProvider。我不是经验丰富的编码员,因此代码质量可能不够理想,但它应该可以帮助您入门。请注意,这只验证用户,而不验证客户端(API 密钥的实现对我来说还是一个 TODO)。欢迎反馈。

检查当前客户端/用户是否已通过身份验证:

public class AccountController : ApiController
{
    // Shared DtoService instance; none of the actions shown in this listing reference it.
    // NOTE(review): the field is public, static and not readonly, so any code in the
    // application can read or replace it. Confirm that is intended; otherwise narrow it
    // to private static readonly.
    public static DtoService _service = new DtoService();

    // GET/api/isAuthenticated
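    /// <summary>
    /// Reports whether the current request carries an authenticated identity.
    /// </summary>
    /// <returns>
    /// 200 with the caller's user id when authenticated, 200 with <c>false</c> otherwise,
    /// or 500 with a generic message when the lookup throws.
    /// </returns>
    [System.Web.Http.HttpGet]
    public HttpResponseMessage IsAuthenticated()
    {
        try
        {
            if (!User.Identity.IsAuthenticated)
            {
                return Request.CreateResponse(HttpStatusCode.OK, false);
            }

            return Request.CreateResponse(HttpStatusCode.OK, WebSecurity.GetUserId(User.Identity.Name));
        }
        catch (Exception e)
        {
            // Serialising the exception into the response would hand stack traces and
            // internal type/path names to any caller. Keep the detail server-side.
            System.Diagnostics.Trace.TraceError("IsAuthenticated failed: {0}", e);
            return Request.CreateResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
        }
    }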

登录:

    // POST /api/login
    // [System.Web.Http.AllowAnonymous]
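    /// <summary>
    /// Validates the supplied credentials and, on success, issues the forms-authentication cookie.
    /// </summary>
    /// <param name="model">User name, password and "remember me" flag bound from the request body.</param>
    /// <returns>
    /// 200 on success; 400 for a missing/invalid body or rejected credentials;
    /// 409 when the caller is already authenticated; 500 with a generic message on failure.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the password travels in the request body and the session is a cookie,
    /// so this assumes the endpoint is reachable over TLS only and that CSRF protection is
    /// applied to the API; nothing in this action enforces either. Nothing here throttles
    /// repeated failures either, so confirm lockout or rate limiting is handled elsewhere.
    /// </remarks>
    [System.Web.Http.HttpPost]
    public HttpResponseMessage LogIn(LoginModel model)
    {
        // An empty or unparseable body can leave the model null; reject it before it is dereferenced.
        if (model == null)
        {
            return Request.CreateResponse(HttpStatusCode.BadRequest, "Request body is required.");
        }

        if (!ModelState.IsValid)
        {
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
        }

        try
        {
            if (User.Identity.IsAuthenticated)
            {
                return Request.CreateResponse(HttpStatusCode.Conflict, "already logged in.");
            }

            // Unknown user and wrong password get the same answer: a separate
            // "User does not exist." reply lets an unauthenticated caller enumerate accounts.
            if (!WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
            {
                return Request.CreateResponse(HttpStatusCode.BadRequest, "Login Failed.");
            }

            // NOTE(review): WebSecurity.Login is expected to issue the forms-auth cookie itself,
            // which would make this call redundant; confirm before removing it.
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            return Request.CreateResponse(HttpStatusCode.OK, "logged in successfully");
        }
        catch (Exception e)
        {
            // Keep exception detail on the server; the response must not expose stack traces.
            System.Diagnostics.Trace.TraceError("LogIn failed: {0}", e);
            return Request.CreateResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
        }
    }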

登出:

    // POST /api/logout
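    /// <summary>
    /// Ends the caller's forms-authentication session.
    /// </summary>
    /// <returns>
    /// 200 when the session was ended; 409 when the caller was not authenticated;
    /// 500 with a generic message on failure.
    /// </returns>
    [System.Web.Http.HttpPost]
    // NOTE(review): this action is authenticated by the forms cookie, so it needs CSRF
    // protection. The MVC [ValidateAntiForgeryToken] filter that was commented out here is,
    // as far as I know, not run by Web API controllers; validate the token in a Web API
    // filter or message handler instead.
    //
    // Fully qualified like the other attributes on this controller: an unqualified
    // [Authorize] that resolves to the MVC attribute would not be enforced by Web API.
    [System.Web.Http.Authorize]
    public HttpResponseMessage LogOut()
    {
        try
        {
            if (!User.Identity.IsAuthenticated)
            {
                return Request.CreateResponse(HttpStatusCode.Conflict, "already done.");
            }

            WebSecurity.Logout();
            return Request.CreateResponse(HttpStatusCode.OK, "logged out successfully.");
        }
        catch (Exception e)
        {
            // Keep exception detail on the server; the response must not expose stack traces.
            System.Diagnostics.Trace.TraceError("LogOut failed: {0}", e);
            return Request.CreateResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
        }
    }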

注册:

    // POST: /api/register
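    /// <summary>
    /// Creates a new account, signs the new user in and initialises their per-user data.
    /// </summary>
    /// <param name="model">Requested user name and password bound from the request body.</param>
    /// <returns>
    /// 201 with the new user id; 400 for a missing or invalid body; 409 when the caller is
    /// already signed in or the user name is taken; 500 with a generic message on failure.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the 409 "User Already Registered" reply confirms which user names exist
    /// to an unauthenticated caller. That is hard to avoid at registration, so confirm the
    /// endpoint is rate limited. As a cookie-authenticated POST it also needs CSRF protection;
    /// the MVC [ValidateAntiForgeryToken] filter that was commented out here is, as far as I
    /// know, not run by Web API controllers.
    /// </remarks>
    [System.Web.Http.HttpPost]
    public HttpResponseMessage Register(RegisterModel model)
    {
        // An empty or unparseable body can leave the model null; reject it before it is dereferenced.
        if (model == null)
        {
            return Request.CreateResponse(HttpStatusCode.BadRequest, "Request body is required.");
        }

        if (!ModelState.IsValid)
        {
            return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
        }

        try
        {
            if (User.Identity.IsAuthenticated)
            {
                return Request.CreateResponse(HttpStatusCode.Conflict, "User Already Registered and Logged In");
            }

            if (WebSecurity.UserExists(model.UserName))
            {
                return Request.CreateResponse(HttpStatusCode.Conflict, "User Already Registered");
            }

            // Attempt to register the user, then sign them in.
            WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
            WebSecurity.Login(model.UserName, model.Password);

            // Look the id up once and reuse it for initialisation and the response.
            int userId = WebSecurity.GetUserId(model.UserName);
            InitiateDatabaseForNewUser(userId);

            FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie: false);
            return Request.CreateResponse(HttpStatusCode.Created, userId);
        }
        catch (Exception e)
        {
            // Keep exception detail on the server; membership and database errors can
            // carry internal names that must not reach the client.
            System.Diagnostics.Trace.TraceError("Register failed: {0}", e);
            return Request.CreateResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
        }
    }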
}
于 2013-04-24T14:06:05.627 回答