secure asp net web api using api key authentication

ASP. NET Web API filter creation and execution process (1)Before introducing the HttpActionDescriptor type to generate a filter pipeline, let's first make a basic understanding of some types involved in the pipeline. Overview of basic types FilterInfo filter object encapsulation information (System.

usingSystem;usingSystem.Collections.Generic;usingSystem.Linq;usingsystem.web;usingSystem.Web.Http.Filters;namespacekingt.web.his.sys{ Public class supportcrossdomainattribute : System.Web.Http.Filters.ActionFilterAttribute { Public Override voidonactionexecuted (Httpactionexecutedcontext actionexecutedcontext) {varResheaders =actionExecutedContext.Response.Headers; if(allowcredentials) {Resheaders.add ("access-control-allow-credentials","true"); } resheaders.add ("Access-control-allow-origin", O

PublicStringUploadFile (){If(Request.Content.IsMimeMultipartContent ()){//Save fileMultipartformdatastreamprovider Provider =New Multipartformdatastreamprovider (HttpContext.Current.Server.MapPath ("/uploaduser/")); string filename ="Not set";ienumerableNull;Task.factory. StartNew (() ={Parts =Request.Content.ReadAsMultipartAsync (provider). result.contents;filename ="Set Success";},Cancellationtoken.none,Taskcreationoptions.longrunning,//Guarantees separate threadTaskscheduler.default). Wait ()

Both of these methods are returned in the form of Httpresponsemessage,Way one: In the form of a stringvar content = new Stringcontent ("{\" filename\ ": \" "+ FileName +" \ "}"); Httpresponsemessage response = new Httpresponsemessage () { Content = content};response. Content.Headers.ContentType = new Mediatypeheadervalue ("Application/json");Way two: By the way the object (here is a dictionary)var fileNames = new dictionaryHttpresponsemessage response = Request.createresponse (Httpstatuscode

Environment preparation1. Amazon EC2 Windows Server with Container2. Visual Studio Enterprise (profresianal to install update 3)3.. NET Core 1.0.0–vs Tooling Preview 2. Please click here to install4. Microsoft. NET Core SDK, can download and install to Microsoft Official websiteExperimental stepsFirst, Docker environment preparationAmazon EC2 Windows Server with container has built-in Docker, as follows:Cli

= "Isapimodule"ScriptProcessor= "%windir%\microsoft.net\framework\v4.0.30319\aspnet_isapi.dll"Precondition= "Classicmode,runtimeversionv4.0,bitness32"Responsebufferlimit= "0" /> Addname= "Extensionlessurlhandler-isapi-4.0_64bit"Path="*."verb= "Get,head,post,debug,put,delete,patch,options"ResourceType= "Unspecified"requireaccess= "Script"Modules= "Isapimodule"ScriptProcessor= "%windir%\microsoft.net\framework64\v4.0.30319\aspnet_isapi.dll"Precondition= "Classicmode,runtimeversionv4.0,bitness64

. Services.replace (typeof(Iassembliesresolver),NewServiceassembliesresolver (syssettings.serviceslocation)); } Catch(Exception ex) {loghelper.error (ex); }//other Code}}which Serviceassembliesresolver is: Public classServiceassembliesresolver:defaultassembliesresolver {//Service plug-in path Private stringpath; PublicServiceassembliesresolver (stringPath):Base() { This. Path =path; } Public OverrideIcollectiongetassemblies () {//access to existing s

I have previously written an article that is based on the HttpContext request context to read form parameters, in fact, it can be split separately.Get form values based on filter: (Core code)public void onactionexecuting (ActionExecutingContext filtercontext) { var formvalue = Filtercontext.Requestcontext.httpcontext.request.form[_name];Filtercontext.actionparameters[_actionparametername] = Formvalue; }How the ASP.

Series Navigation Address http://www.cnblogs.com/fzrain/p/3490137.html Digress: This technical point is newly learned and does not belong to the original series. However, with the help of the Project Background of the original series, the external series is named, some new technologies may be added to this series in the future. In Web Api 2.0, A New Route configuration method is proposed-Attribute-based

classWebapirestsharp {Private Const stringApiwebsite ="https://sendgrid.com"; Private Const stringApiurladdress ="Api/mail.send.json"; Public Static voidSendnormalhelloworldemail () {varClient =Newrestclient (Apiwebsite); varRequest =Newrestrequest (apiurladdress, method.post); Request. Addparameter ("Api_user", Config.sendgridname); Request. Addparameter ("Api_key", Config.sendgridpassword); Request. Addparameter ("to[]", Config.toemail); Request.

class Webapirestsharp {Private Const string apiwebsite = "https://sendgrid.com"; Private Const string apiurladdress = "Api/mail.send.json"; public static void Sendnormalhelloworldemail () {var client = new Restclient (apiwebsite); var request = new Restrequest (apiurladdress, method.post); Request. Addparameter ("Api_user", config.sendgridname); Request. Addparameter ("Api_key", Config.sendgridpassword); Reque

In the past few days, the old week in upgrading the "South China Leisure Kidney Recovery Registration Platform", in order to expand the business, in particular, allow other developers to the system to submit information about the kidney, so that the system added several Web APIs. Among them, the introduction of the kidney is submitted in plain text, the approximate code is this. [Route ("api/[controller

1. Startup.Auth.cs fileAdd Property? 1 public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; privateset; } Add a static constructor? 1 2 3 4 5 6 7 /// /// 构造函数 /// static Startup() { OAuthBearerOptions = new OAuthBearerAuthenticationOptions();} Method added in Configureauth? 1 2 // 使用不记名身份验证app.UseOAuthBearerAuthentication(OAuthBearerOptions); 2. WebApiConfig.cs fileMethod regist

How to Write secure API interfaces (parameter encryption + timeout processing + private key verification + Https)-continued (with demo), apidemo In the previous article, we talked about the design philosophy of interface security. If you haven't seen the previous blog, I suggest you read it later. Through discussion by the school friends, and I checked some infor

access must be enabled on the Web API site. In fact, cors (cross-domain resource sharing) or so-called same origin policy (same-origin policies) is a concept on the browser, and the server needs only to return a few response headers as needed:Access-control-allow-origin: Indicates that the site is allowed access by those sources (domains)Access-control-allow-headers: Indicates that the site allows those cu

safest is this)Following the previous step, we have changed the transmission mechanism to HTTPS, the thief completely confused forced. So what's the problem, https? You can set up a local environment, reference this article: http://www.cnblogs.com/naniannayue/archive/2012/11/19/2776948.htmlAnother: The interface of this article is written in MVC Webapi, completely based on the restful standard. If you are not particularly aware of this, you can refer to this article: http://www.cnblogs.com/land

Supplement: I recently read ASP. net Security advanced programming, which involves forms-based authentication, found that you have many misunderstandings, so decided to ASP. net form-based authentication for

Http://www.nmtree.net/2014/10/19/asp-net-web-api-series-choosing-asp-net-web-api-or-wcf.html WCF is a one-stop framework for.

Supplement: I recently read ASP. net Security advanced programming, which involves forms-based authentication, found that you have many misunderstandings, so decided to ASP. net form-based authentication for

This article transferred from: http://www.cnblogs.com/fzrain/p/3923727.htmlObjectiveLong time no update, before there are many things, so dragged for a long time, very sorry. Well, don't say much nonsense, let's start with the subject. This article still uses the previous season's project background (series address http://www.cnblogs.com/fzrain/p/3490137.html) to demonstrate the OData service, so we can directly use the previously built data access layer. But not to be sure to see everything bef