[Web API]以Attribute加上Header驗證
建立新FilterAttribute繼承AuthorizationFilterAttribute,覆寫OnAuthorization攔截傳入的HttpActionContext內容判斷是否有傳入指定的資料
public override void OnAuthorization(HttpActionContext filterContext)
{
var identity = FetchAuthHeader(filterContext); //取得資料內容
if (identity == null)
{
ChallengeAuthRequest(filterContext); //回傳錯誤訊息
return;
}
var genericPrincipal = new GenericPrincipal(identity, null);
//針對目前連線的使用者做授權
Thread.CurrentPrincipal = genericPrincipal;
if (!OnAuthorizeUser(identity.Name, identity.Password, filterContext)) //驗證
{
ChallengeAuthRequest(filterContext);
return;
}
base.OnAuthorization(filterContext);
}
解析HttpActionContext內容取得指定的資料
protected virtual BasicAuthenticationIdentity FetchAuthHeader(HttpActionContext filterContext)
{
string customer = "";
string pwd = "";
IEnumerable<string> authRequest = filterContext.Request.Headers.GetValues("指定的資料名稱");
IEnumerable<string> authRequest2 = filterContext.Request.Headers.GetValues("指定的資料名稱2");
try
{
customer = authRequest.FirstOrDefault();
pwd = authRequest2.FirstOrDefault();
}
catch { }
return new BasicAuthenticationIdentity(customer, pwd);
}
驗證解析出來的資料是否符合需求
protected override bool OnAuthorizeUser(string username, string password, HttpActionContext actionContext)
{
if (username == "驗證資料" && password == "驗證碼")
return true;
return false;
}
建立驗證失敗時要回傳的訊息
private static void ChallengeAuthRequest(HttpActionContext filterContext)
{
var dnsHost = filterContext.Request.RequestUri.DnsSafeHost;
filterContext.Response = filterContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
filterContext.Response.Headers.Add("WWW-Authenticate", string.Format("validate failed", dnsHost));
}
於WebApiConfig.cs中註冊新增的Filter
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
GlobalConfiguration.Configuration.Filters.Add(new WebApi.Filters.ApiAuthenticationFilter());
}
}
最後在需要驗證的API加上該Filter即可
[WebApi.Filters.ApiAuthenticationFilter]
public object QueryApi(string pInput)
{
return null;
}