请给我一个示例代码来为 web api 服务设置 http 标头。
我开发了基本身份验证。
public class BasicAuthenticationFilter : AuthorizationFilterAttribute
{
bool Active = true;
public BasicAuthenticationFilter()
{ }
/// <summary>
/// Overriden constructor to allow explicit disabling of this
/// filter's behavior. Pass false to disable (same as no filter
/// but declarative)
/// </summary>
/// <param name="active"></param>
public BasicAuthenticationFilter(bool active)
{
Active = active;
}
/// <summary>
/// Override to Web API filter method to handle Basic Auth check
/// </summary>
/// <param name="actionContext"></param>
public override void OnAuthorization(HttpActionContext actionContext)
{
if (Active)
{
var identity = ParseAuthorizationHeader(actionContext);
if (identity == null)
{
//Challenge(actionContext);
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
return;
}
if (!OnAuthorizeUser(identity.Name, identity.Password, actionContext))
{
Challenge(actionContext);
return;
}
var principal = new GenericPrincipal(identity, null);
Thread.CurrentPrincipal = principal;
// inside of ASP.NET this is required
//if (HttpContext.Current != null)
// HttpContext.Current.User = principal;
base.OnAuthorization(actionContext);
}
}
/// <summary>
/// Base implementation for user authentication - you probably will
/// want to override this method for application specific logic.
///
/// The base implementation merely checks for username and password
/// present and set the Thread principal.
///
/// Override this method if you want to customize Authentication
/// and store user data as needed in a Thread Principle or other
/// Request specific storage.
/// </summary>
/// <param name="username"></param>
/// <param name="password"></param>
/// <param name="actionContext"></param>
/// <returns></returns>
protected virtual bool OnAuthorizeUser(string username, string password, HttpActionContext actionContext)
{
if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
return false;
return true;
}
/// <summary>
/// Parses the Authorization header and creates user credentials
/// </summary>
/// <param name="actionContext"></param>
protected virtual BasicAuthenticationIdentity ParseAuthorizationHeader(HttpActionContext actionContext)
{
string authHeader = null;
var auth = actionContext.Request.Headers.Authorization;
if (auth != null && auth.Scheme == "Basic")
authHeader = auth.Parameter;
if (string.IsNullOrEmpty(authHeader))
return null;
authHeader = Encoding.Default.GetString(Convert.FromBase64String(authHeader));
var tokens = authHeader.Split(':');
if (tokens.Length < 2)
return null;
return new BasicAuthenticationIdentity(tokens[0], tokens[1]);
}
/// <summary>
/// Send the Authentication Challenge request
/// </summary>
/// <param name="message"></param>
/// <param name="actionContext"></param>
void Challenge(HttpActionContext actionContext)
{
var host = actionContext.Request.RequestUri.DnsSafeHost;
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
actionContext.Response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", host));
}
}
public class BasicAuthenticationIdentity : GenericIdentity
{
public BasicAuthenticationIdentity(string name, string password)
: base(name, "Basic")
{
this.Password = password;
}
/// <summary>
/// Basic Auth Password for custom authentication
/// </summary>
public string Password { get; set; }
}
public class BasicAuthCredentials
{
public string Username { get; set; }
public string Password { get; set; }
}
[BasicAuthenticationFilter]
public class SampleController : ApiController
{
public string Get()
{
return "Hai Authentication successfully done!";
}
}
所以我需要使用基本的http标头从ipad应用程序调用web api服务(目标c)。
提前谢谢。