我现在只是注册这些路由,如何在 WebApiKeyHandler.cs 中获取 Apikey 值,因为它不是查询字符串的一部分,所以我得到了 null。还指导我如何验证密钥是 Web Api 项目的最佳实践?
public static void Register(HttpConfiguration config)
{
config.Routes.MapHttpRoute(
name: "DefaultApi2",
routeTemplate: "api/v1/users/{apikey}/{controller}/{action}/",
defaults: new { id = RouteParameter.Optional }
);
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/v1/users/{apikey}/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
config.MessageHandlers.Add(new WebApiKeyHandler()); // global message handler
}
WebApiKeyHandler.cs
public class WebApiKeyHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
string apikey = HttpUtility.ParseQueryString(request.RequestUri.Query).Get(Constants.API_KEY_QUERY_STRING);
if (string.IsNullOrWhiteSpace(apikey))
{
HttpResponseMessage response = request.CreateErrorResponse(HttpStatusCode.Forbidden, ErrorCodes.API_KEY_EMPTY_ERROR);
var tsc = new TaskCompletionSource<HttpResponseMessage>();
tsc.SetResult(response);
return tsc.Task;
}
else if (!ValidateKey(apikey))
{
HttpResponseMessage response = request.CreateErrorResponse(HttpStatusCode.Forbidden, ErrorCodes.API_KEY_INVALID_ERROR);
var tsc = new TaskCompletionSource<HttpResponseMessage>();
tsc.SetResult(response);
return tsc.Task;
}
else
{
return base.SendAsync(request, cancellationToken);
}
}
private static bool ValidateKey(string apiKey)
{
Guid key;
Guid.TryParse(apiKey, out key);
return new StAccountsDomainContext().ApiSubscriptions.Any(x => x.ApiKey == key && x.IsActive == true && !x.ApiIBlacklists.Any());
}
private static bool ValidateSecretKey(string apiKey, string secretKey)
{
Guid key1;
Guid.TryParse(apiKey, out key1);
Guid key2;
Guid.TryParse(secretKey, out key2);
return new StAccountsDomainContext().ApiSubscriptions.Any(x => x.ApiKey == key1
&& x.SecretKey == key2
&& x.IsActive == true
&& !x.ApiIBlacklists.Any());
}
}