以下是我通过 WebAPI 进行身份验证的方式——它使用 Forms Auth 和 SimpleMembershipProvider。我不是经验丰富的程序员,因此代码质量可能有待提高,但它应该可以帮助您入门。请注意,这只验证用户,而不验证客户端(API 密钥的实现对我来说还是一个 TODO)。欢迎反馈。
检查当前客户端/用户是否已通过身份验证:
public class AccountController : ApiController
{
// Shared DTO service instance. Not referenced by any of the actions shown on this page.
// NOTE(review): public, static and not readonly, so any code can replace the instance at
// runtime; `readonly` (or constructor injection) would be safer if nothing reassigns it — confirm.
public static DtoService _service = new DtoService();
// GET/api/isAuthenticated
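/// <summary>
/// Reports whether the caller of the current request carries a valid Forms Auth identity.
/// </summary>
/// <returns>
/// 200 OK with the caller's SimpleMembership user id (<c>WebSecurity.GetUserId</c>) when
/// authenticated; otherwise 200 OK with <c>false</c>. 500 with a generic message on failure.
/// </returns>
[System.Web.Http.HttpGet]
public HttpResponseMessage IsAuthenticated()
{
    try
    {
        if (User.Identity.IsAuthenticated)
        {
            return Request.CreateResponse(HttpStatusCode.OK, WebSecurity.GetUserId(User.Identity.Name));
        }

        return Request.CreateResponse(HttpStatusCode.OK, false);
    }
    catch (Exception)
    {
        // Never serialize the exception object into the response: its message, type and
        // stack trace expose server internals (provider, paths, schema) to the client.
        // The exception should be logged server-side; the client only gets a generic body.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
    }
}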
登录:
// POST /api/login
// [System.Web.Http.AllowAnonymous]
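/// <summary>
/// Authenticates a user via SimpleMembership and issues the Forms Auth cookie.
/// </summary>
/// <param name="model">Posted credentials; <c>RememberMe</c> selects a persistent cookie.</param>
/// <returns>
/// 400 with model-state errors when the payload is invalid; 409 when the caller is already
/// authenticated; 200 on success; 400 "Login Failed." for any rejected credential (unknown
/// user or wrong password alike); 500 with a generic message on failure.
/// </returns>
[System.Web.Http.HttpPost]
public HttpResponseMessage LogIn(LoginModel model)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    try
    {
        if (User.Identity.IsAuthenticated)
        {
            return Request.CreateResponse(HttpStatusCode.Conflict, "already logged in.");
        }

        // Deliberately no WebSecurity.UserExists pre-check: answering "User does not exist."
        // differently from a wrong password lets a caller enumerate valid account names.
        // WebSecurity.Login returns false for unknown users as well, so a single uniform
        // failure response covers both cases.
        if (WebSecurity.Login(model.UserName, model.Password, persistCookie: model.RememberMe))
        {
            // Kept from the original. Believed redundant with the cookie WebSecurity.Login
            // already issues on success — confirm before removing.
            FormsAuthentication.SetAuthCookie(model.UserName, model.RememberMe);
            return Request.CreateResponse(HttpStatusCode.OK, "logged in successfully");
        }

        return Request.CreateResponse(HttpStatusCode.BadRequest, "Login Failed.");
    }
    catch (Exception)
    {
        // The exception object must not reach the client (internals disclosure); log it
        // server-side and return a generic body.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
    }
}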
登出:
// POST /api/logout
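/// <summary>
/// Ends the caller's session by clearing the Forms Auth ticket via <c>WebSecurity.Logout</c>.
/// </summary>
/// <returns>
/// 200 when a session was ended; 409 "already done." when the caller was not authenticated
/// (only reachable if the <c>[Authorize]</c> filter is bypassed or removed); 500 with a
/// generic message on failure.
/// </returns>
[System.Web.Http.HttpPost]
// Because authentication is a cookie, this state-changing POST is reachable by cross-site
// requests. System.Web.Mvc's [ValidateAntiForgeryToken] is an MVC filter and is not applied
// by Web API; a Web API action filter that calls AntiForgery.Validate (or a token check on
// a custom header) is needed to cover this endpoint.
////[ValidateAntiForgeryToken]
[Authorize]
public HttpResponseMessage LogOut()
{
    try
    {
        if (!User.Identity.IsAuthenticated)
        {
            return Request.CreateResponse(HttpStatusCode.Conflict, "already done.");
        }

        WebSecurity.Logout();
        return Request.CreateResponse(HttpStatusCode.OK, "logged out successfully.");
    }
    catch (Exception)
    {
        // Do not return the exception object to the client (internals disclosure); log it
        // server-side and return a generic body.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
    }
}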
注册:
// POST: /api/register
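/// <summary>
/// Creates a SimpleMembership user and account, runs the per-user database initialisation
/// and signs the new user in.
/// </summary>
/// <param name="model">Posted registration data (user name and password).</param>
/// <returns>
/// 400 with model-state errors when the payload is invalid; 409 when the caller is already
/// authenticated or the user name is taken; 400 with the membership status code when the
/// provider rejects the account; 201 with the new user id on success; 500 with a generic
/// message on any other failure.
/// </returns>
[System.Web.Http.HttpPost]
// Cookie-authenticated POST with no anti-forgery check: System.Web.Mvc's
// [ValidateAntiForgeryToken] does not run under Web API, so a Web API filter that calls
// AntiForgery.Validate is needed to protect this endpoint from cross-site requests.
//[ValidateAntiForgeryToken]
public HttpResponseMessage Register(RegisterModel model)
{
    if (!ModelState.IsValid)
    {
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
    }

    try
    {
        if (User.Identity.IsAuthenticated)
        {
            return Request.CreateResponse(HttpStatusCode.Conflict, "User Already Registered and Logged In");
        }

        if (WebSecurity.UserExists(model.UserName))
        {
            return Request.CreateResponse(HttpStatusCode.Conflict, "User Already Registered");
        }

        // Attempt to register the user. The UserExists check above is not atomic with the
        // create; a concurrent registration surfaces as MembershipCreateUserException below.
        WebSecurity.CreateUserAndAccount(model.UserName, model.Password);
        WebSecurity.Login(model.UserName, model.Password);
        int userId = WebSecurity.GetUserId(model.UserName);
        InitiateDatabaseForNewUser(userId);
        FormsAuthentication.SetAuthCookie(model.UserName, createPersistentCookie: false);
        return Request.CreateResponse(HttpStatusCode.Created, userId);
    }
    catch (MembershipCreateUserException e)
    {
        // Rejected by the membership provider (password policy, duplicate user name, ...).
        // StatusCode is a MembershipCreateStatus enum value and is safe to show the client;
        // the exception object itself is not.
        return Request.CreateErrorResponse(HttpStatusCode.BadRequest, e.StatusCode.ToString());
    }
    catch (Exception)
    {
        // Do not return the exception object to the client (internals disclosure); log it
        // server-side and return a generic body.
        return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "An unexpected error occurred.");
    }
}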
}