Real projects usually need to protect their data. There are many ways to do that, and the most common is identity authentication: the caller's identity is verified, and access permissions are granted according to the verified identity. How is identity authentication implemented in a web API? The following content walks through web API identity authentication in detail.
First, add a custom identity authentication attribute.
Add CustomAuthorizeAttribute.cs
This class inherits from System.Web.Http.AuthorizeAttribute (the identity authentication class). Web API identity authentication is achieved by overriding its core authentication methods.
Complete code:
using System.Web;

public class CustomAuthorizeAttribute : System.Web.Http.AuthorizeAttribute
{
    public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // Determine whether a user is logged on
        if (!HttpContext.Current.User.Identity.IsAuthenticated)
            HandleUnauthorizedRequest(actionContext);
    }

    protected override void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // Reply with 401 Unauthorized and a WWW-Authenticate challenge
        var challengeMessage = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
        challengeMessage.Headers.Add("WWW-Authenticate", "Basic");
        throw new System.Web.Http.HttpResponseException(challengeMessage);
    }
}
To require identity authentication (the user must log on before querying), add the attribute to the controller. You can use the Visual Studio shortcut key to bring in the attribute.
Complete code
PS: placing the attribute on the controller class means that every action of the controller is authenticated. If you only want to protect a single action, write the attribute directly on that action.
Next, write the logon method.
public ActionResult Login()
{
    return View();
}

[HttpPost]
public ActionResult Login(FormCollection fol)
{
    // The logon process is simplified for this demonstration.
    // You can verify that the user name and password are correct here.
    System.Web.Security.FormsAuthentication.SetAuthCookie(fol["Username"], false);
    return Redirect("/Htmlpage5.htm");
}
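One way to fill in the credential check that the logon action above leaves out, as an added example rather than code from the original article. The CredentialStore class, its constructed sample account and the iteration count are assumptions; a real application would load each user's salt and hash from its own user database.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Web.Mvc;
using System.Web.Security;

// Hypothetical in-memory store; the sample account is constructed for illustration.
public static class CredentialStore
{
    private const int Iterations = 100000; // assumed PBKDF2 work factor
    private static readonly Dictionary<string, Tuple<byte[], byte[]>> Users =
        new Dictionary<string, Tuple<byte[], byte[]>>();

    static CredentialStore() { Add("demo", "constructed-sample-password"); }

    public static void Add(string user, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Users[user] = Tuple.Create(salt, Derive(password, salt)); // store salt + hash only
    }
    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(20);
    }
    public static bool Verify(string user, string password)
    {
        Tuple<byte[], byte[]> entry;
        if (user == null || password == null || !Users.TryGetValue(user, out entry))
            return false;
        byte[] actual = Derive(password, entry.Item1), expected = entry.Item2;
        int diff = actual.Length ^ expected.Length;
        for (int i = 0; i < actual.Length && i < expected.Length; i++)
            diff |= actual[i] ^ expected[i]; // compare every byte, no early exit
        return diff == 0;
    }
}

public class HomeController : Controller
{
    [HttpPost]
    public ActionResult Login(FormCollection fol)
    {
        if (CredentialStore.Verify(fol["Username"], fol["Password"]))
        {
            FormsAuthentication.SetAuthCookie(fol["Username"], false);
            return Redirect("/Htmlpage5.htm");
        }
        ModelState.AddModelError("", "Invalid user name or password.");
        return View(); // no authentication cookie is issued on failure
    }
}
```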
With the back-end method in place, only the front-end page is left.
Right-click the Login method to quickly generate the page. (Visual Studio's productivity tools are not covered further here.)
Write the following logon code in the generated Login.cshtml:
@using (Html.BeginForm())
{
    <fieldset>
        <label>Account:</label> <input type="text" name="Username" /> <br />
        <label>Password:</label> <input type="password" name="Password" /> <br />
        <input type="submit" value="Login" />
    </fieldset>
}
At this point, two small pieces of configuration remain.
The first is to configure forms authentication in Web.config.
<authentication mode="Forms">
  <forms loginUrl="~/Home/login" timeout="2880" />
</authentication>
The second is to modify the JS in htmlpage5.html (htmlpage5.html can be copied directly from htmlpage4.html).
Change the code that fetches the data so that it redirects to the login page when identity authentication is required.
Original JS
$.get('/api/userinfo', function (data) {
    // Obtain the returned data from the API, update the knockout model,
    // and bind it to the page UI template
    viewModel.userinfos(data);
});
Modified JS
$.ajax({
    url: '/api/userinfo',
    type: 'get',
    contentType: 'application/json; charset=utf-8',
    statusCode: {
        // 200 OK: update the knockout model with the returned data
        200: function (data) {
            viewModel.userinfos(data);
        },
        // 401 Unauthorized: send the user to the login page
        401: function (jqXHR, textStatus, errorThrown) {
            window.location.href = '/home/login';
        }
    }
});
OK. The code is essentially complete, so it is time to test.
Test step 1: access /api/userinfo directly
Test step 2: open htmlpage5.html
The identity authentication requirement is met.
Test step 3: enter the user name and password. Can the feature be used now?
The answer is yes.
Download the source code of this article:/files/risk/web API 6/mvcapplication1.rar