前后端分离的开发中,应用服务需要先验证用户身份,才允许访问数据。实现的方法很简单:创建一个 WebApi 项目,在 App_Start 目录下找到 WebApiConfig.cs,在里面增加一个继承 AuthorizationFilterAttribute 的过滤器类,并在 Register 中把它注册为全局过滤器。
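/// <summary>
/// Web API start-up configuration: installs the global token filter and the routes.
/// </summary>
public static class WebApiConfig
{
    /// <summary>
    /// Adds <see cref="CustomAuthorize"/> as a global filter, enables attribute
    /// routing and maps the conventional "DefaultApi" route.
    /// </summary>
    /// <param name="config">The application's Web API configuration.</param>
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services.
        // Registered globally, so every action is token-checked unless it opts
        // out with [AllowAnonymous].
        config.Filters.Add(new CustomAuthorize());

        // Web API routes.
        config.MapHttpAttributeRoutes();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });
    }

    /// <summary>
    /// Authorization filter that accepts a request only when its Authorization
    /// header value is known to the Redis store.
    /// </summary>
    /// <remarks>
    /// The filter only gates access: it does not attach a user identity to the
    /// request, so an action cannot tell from it which user is calling.
    /// </remarks>
    public class CustomAuthorize : AuthorizationFilterAttribute
    {
        /// <summary>
        /// Rejects the request with 401 when the Authorization header is missing
        /// (Ret 4002) or its value is not found in Redis (Ret 4008).
        /// </summary>
        /// <param name="actionContext">Context of the action about to run.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Actions or controllers marked [AllowAnonymous] are not checked.
            if (IsAnonymousAllowed(actionContext))
            {
                return;
            }

            // App API check: the token travels in the Authorization header.
            var au = actionContext.Request.Headers.Authorization;
            if (au == null)
            {
                // Setting Response stops the pipeline before the action runs.
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.Unauthorized,
                    new { Ret = 4002, Msg = "Token错误!" });
            }
            // au.ToString() is the whole header value (scheme plus parameter when
            // both are sent), so that exact string must exist as a key.
            // NOTE(review): Redis.haskey is defined elsewhere. Confirm it only
            // matches keys written by the login path (dedicated prefix or
            // database), so an unrelated cache key can never count as a token,
            // and that tokens are random and stored with an expiry.
            else if (!Redis.haskey(au.ToString()))
            {
                // Returned for any value not found, expired or never issued.
                actionContext.Response = actionContext.Request.CreateResponse(
                    HttpStatusCode.Unauthorized,
                    new { Ret = 4008, Msg = "Token超时!" });
            }
        }

        /// <summary>
        /// Reports whether the action or its controller carries
        /// <see cref="System.Web.Http.AllowAnonymousAttribute"/>.
        /// </summary>
        /// <remarks>
        /// The controller is checked too, so a class-level attribute is honoured
        /// the same way the framework's own AuthorizeAttribute honours it.
        /// </remarks>
        private static bool IsAnonymousAllowed(HttpActionContext actionContext)
        {
            return actionContext.ActionDescriptor
                       .GetCustomAttributes<System.Web.Http.AllowAnonymousAttribute>().Any()
                || actionContext.ControllerContext.ControllerDescriptor
                       .GetCustomAttributes<System.Web.Http.AllowAnonymousAttribute>().Any();
        }
    }
}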
Controller 类的实现:
/// <summary>
/// Sample controller; all of its routes sit under "api/v1".
/// </summary>
[RoutePrefix("api/v1")]
public class ValuesController : ApiController
{
    /// <summary>
    /// Anonymous endpoint: POST api/v1/getData1 returns the posted JSON body unchanged.
    /// </summary>
    /// <param name="data">JSON object bound from the request body.</param>
    /// <returns>The same object that was posted.</returns>
    // The globally registered CustomAuthorize filter looks for
    // System.Web.Http.AllowAnonymousAttribute, so this attribute must resolve to
    // that type for the opt-out to take effect.
    [AllowAnonymous]
    [HttpPost]
    [Route("getData1")]
    public JObject getData1([FromBody] JObject data)
    {
        return data;
    }

    /// <summary>
    /// Login-required endpoint: POST api/v1/getData2 returns the posted JSON body unchanged.
    /// </summary>
    /// <param name="data">JSON object bound from the request body.</param>
    /// <returns>The same object that was posted.</returns>
    // No [AllowAnonymous] here, so the global CustomAuthorize filter applies.
    [HttpPost]
    [Route("getData2")]
    public JObject getData2([FromBody] JObject data)
    {
        return data;
    }
}