1

我现在只是注册这些路由,如何在 WebApiKeyHandler.cs 中获取 Apikey 值,因为它不是查询字符串的一部分,所以我得到了 null。还指导我如何验证密钥是 Web Api 项目的最佳实践?

public static void Register(HttpConfiguration config)
        {
           config.Routes.MapHttpRoute(
           name: "DefaultApi2",
           routeTemplate: "api/v1/users/{apikey}/{controller}/{action}/",
           defaults: new { id = RouteParameter.Optional }
                );

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/v1/users/{apikey}/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );

            config.MessageHandlers.Add(new WebApiKeyHandler());  // global message handler
        }

WebApiKeyHandler.cs

   public class WebApiKeyHandler : DelegatingHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            string apikey = HttpUtility.ParseQueryString(request.RequestUri.Query).Get(Constants.API_KEY_QUERY_STRING);
            if (string.IsNullOrWhiteSpace(apikey))
            {
                HttpResponseMessage response = request.CreateErrorResponse(HttpStatusCode.Forbidden, ErrorCodes.API_KEY_EMPTY_ERROR);
                var tsc = new TaskCompletionSource<HttpResponseMessage>();
                tsc.SetResult(response);
                return tsc.Task;
            }
            else if (!ValidateKey(apikey))
            {
                HttpResponseMessage response = request.CreateErrorResponse(HttpStatusCode.Forbidden, ErrorCodes.API_KEY_INVALID_ERROR);
                var tsc = new TaskCompletionSource<HttpResponseMessage>();
                tsc.SetResult(response);
                return tsc.Task;
            }
            else
            {
                return base.SendAsync(request, cancellationToken);
            }
        }

        private static bool ValidateKey(string apiKey)
        {
            Guid key;
            Guid.TryParse(apiKey, out key);
            return new StAccountsDomainContext().ApiSubscriptions.Any(x => x.ApiKey == key && x.IsActive == true && !x.ApiIBlacklists.Any());
        }

        private static bool ValidateSecretKey(string apiKey, string secretKey)
        {
            Guid key1;
            Guid.TryParse(apiKey, out key1);

            Guid key2;
            Guid.TryParse(secretKey, out key2);

            return new StAccountsDomainContext().ApiSubscriptions.Any(x => x.ApiKey == key1
                                                                        && x.SecretKey == key2
                                                                        && x.IsActive == true
                                                                        && !x.ApiIBlacklists.Any());
        }
    }
4

1 回答 1

1

您可以使用GetRouteData()HttpRequestMessage 上的扩展来获取路由数据。例子:request.GetRouteData().Values

于 2013-06-07T01:58:22.170 回答