Controller action
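/// <summary>
/// Sample Web API controller whose single action is protected by <c>MyAuthFilter</c>:
/// the filter runs before <see cref="Test"/> and rejects the request with 401/403
/// when the security header is missing, invalid or not permitted for this action.
/// </summary>
public class TestController : ApiController
{
    /// <summary>Returns <paramref name="str"/> with leading and trailing whitespace removed.</summary>
    /// <param name="str">Input string; may be absent when the caller sends no value.</param>
    /// <returns>The trimmed string, or an empty string when <paramref name="str"/> is null.</returns>
    [MyAuthFilter]
    public string Test(string str)
    {
        // A missing parameter arrives as null; calling Trim() on it would surface as an
        // unhandled NullReferenceException (HTTP 500) instead of a well-formed response.
        if (str == null)
        {
            return string.Empty;
        }

        return str.Trim();
    }
}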
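// Filter class
/// <summary>
/// Action filter that authenticates a request from the custom security header and then
/// authorises it against a per-action ACL. Apply it as <c>[MyAuthFilter]</c> on any action
/// that must be protected.
/// </summary>
/// <remarks>
/// Flow: read the <c>Mysecuritykey</c> header, decrypt it into an <c>EBSecurityData</c>,
/// accept it only if it is unexpired and carries a positive provider id, then require the
/// action's ACL number to be listed in the token's comma-separated <c>ACL</c> field.
/// Failure raises <c>BusinessException</c> with 401 (not authenticated) or 403 (not permitted).
/// </remarks>
public class MyAuthFilter : ActionFilterAttribute
{
    /// <summary>Name of the HTTP header that carries the encrypted security token.</summary>
    const string SecurityKeyName = "Mysecuritykey";

    /// <summary>
    /// Kept for source compatibility with the original version; it is no longer used as the lock
    /// because a per-instance object cannot guard the static <see cref="EBACLs"/> table.
    /// </summary>
    public object _ebacls = new object();

    // Static gate for the static ACL table so that all filter instances serialise its initialisation.
    private static readonly object AclGate = new object();

    /// <summary>
    /// Authenticates and authorises the request before the action runs.
    /// </summary>
    /// <param name="actionContext">Context of the action being executed.</param>
    /// <exception cref="BusinessException">401 when the token is missing/invalid/expired, 403 when the action is not in the token's ACL.</exception>
    public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
    {
        // EBPermission is not defined in this class; presumably a configuration switch that
        // turns the whole check on ("1") or off — TODO confirm where it comes from.
        // When it is off, no authentication happens at all for decorated actions.
        if (EBPermission != "1")
        {
            return;
        }

        EnsureAclsLoaded();

        bool isAuth = false;
        bool isPermission = false;

        IEnumerable<string> headerValues;
        if (actionContext.Request.Headers.TryGetValues(SecurityKeyName, out headerValues))
        {
            string securityKey = headerValues.FirstOrDefault();

            // Log only the fact that the header was present: the token is a bearer credential
            // and writing it to the log file would let anyone with log access replay it.
            LogUtility.WriteLog(SecurityKeyName + " header received");

            EBSecurityData securityData = TryGetSecurityData(securityKey);

            // NOTE(review): the expiry is compared against local time; whether the token issuer
            // uses local or UTC time is not visible here — confirm against EBSecurityUtility.
            if (securityData != null && securityData.Expire > DateTime.Now && securityData.ProviderId > 0)
            {
                isAuth = true;
                SetPrincipal(securityData.ProviderId.ToString());
                isPermission = HasPermission(securityData, actionContext.ActionDescriptor.ActionName);
            }
        }

        if (!isAuth)
        {
            throw new BusinessException("Login verification Failed", 401);
        }
        else if (!isPermission)
        {
            throw new BusinessException("Unauthorized", 403);
        }
    }

    /// <summary>Initialises <see cref="EBACLs"/> once; the re-check inside the lock prevents a duplicate build under contention.</summary>
    private static void EnsureAclsLoaded()
    {
        if (EBACLs == null)
        {
            lock (AclGate)
            {
                if (EBACLs == null)
                {
                    EBACLs = SetEBACLsData();
                }
            }
        }
    }

    /// <summary>
    /// Decrypts the header value into security data. Returns null when the value is absent or
    /// cannot be decrypted; the failure is logged without the token so it can be detected.
    /// </summary>
    private static EBSecurityData TryGetSecurityData(string securityKey)
    {
        if (string.IsNullOrWhiteSpace(securityKey))
        {
            return null;
        }

        try
        {
            EBSecurityData securityData = EBSecurityUtility.GetSecurityData(securityKey);
            // Log an identifier rather than the whole decrypted object.
            LogUtility.WriteLog("EBSecurityData: providerId=" + (securityData != null ? securityData.ProviderId.ToString() : ""));
            return securityData;
        }
        catch (Exception ex)
        {
            // A malformed or tampered token ends up here; record it instead of swallowing it silently.
            LogUtility.WriteLog("EBSecurityData decryption failed: " + ex.GetType().Name);
            return null;
        }
    }

    /// <summary>Publishes the authenticated identity for the rest of the request.</summary>
    private static void SetPrincipal(string name)
    {
        GenericIdentity identity = new GenericIdentity(name, "Forms");
        GenericPrincipal principal = new GenericPrincipal(identity, new string[] { });

        // HttpContext.Current is null when Web API is self-hosted, so guard it; Thread.CurrentPrincipal
        // is what the Web API pipeline itself consults, so set it as well.
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
        System.Threading.Thread.CurrentPrincipal = principal;
    }

    /// <summary>
    /// True when the action has an ACL number and the token's comma-separated ACL list contains it.
    /// Actions that are not in <see cref="EBACLs"/> are denied by default.
    /// </summary>
    private static bool HasPermission(EBSecurityData securityData, string actionName)
    {
        string actionNo;
        if (!EBACLs.TryGetValue(actionName, out actionNo))
        {
            return false;
        }

        if (string.IsNullOrWhiteSpace(securityData.ACL) || string.IsNullOrWhiteSpace(actionNo))
        {
            return false;
        }

        // Wrap both sides in delimiters so "1" does not match "11".
        string acl = string.Format(",{0},", securityData.ACL);
        return acl.Contains("," + actionNo + ",");
    }

    /// <summary>Action name → ACL number table, built lazily on first use.</summary>
    public static Dictionary<string, string> EBACLs { get; set; }

    /// <summary>
    /// Builds the action → ACL number table. The case-insensitive comparer makes the lookup
    /// independent of how the action name is cased at runtime.
    /// </summary>
    static Dictionary<string, string> SetEBACLsData()
    {
        Dictionary<string, string> dic = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        dic.Add("Getorderitemoperaterecords", "01");
        dic.Add("Getorderitemchangedetail", "02");
        return dic;
    }
}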
HTTP Header Request Example:
User-agent:fiddler
Host:localhost
content-length:478
Content-type:text/json
mysecuritykey:roxnqnjla0voulfxmcgugvhkjt1njtdv1hmu67mbgpiu0ulevmkxjxkpj5d7dn1hdd%2bpdm% 2fsa9ijn36nksxqe1mdq8mqt1jqhvttvqfg3zhrsfygmqvae3auycen%2f9873lijxxyuk%2fuq75vj3kh3byizykrmsvr4fpmbxnvwhvhuho% 2bdvjjqdpls2pihy1kbjffkcmnybzjwdpu%2flzyciesalh%2fdc85ioui9oodwzapmjbvpxobn7ahn%2fj%2bkmwnjiybxppvo3iu%3d
Once the value of Mysecuritykey has been obtained, how it is handled is up to you; this is just one example of a way to effectively increase the API's security.
If a method is important and should require permissions, simply adding the [MyAuthFilter] attribute implements the authorization validation; of course, different methods can also use different filters, which you can define as you like.
Example: implementing a public permission-validation filter that checks HTTP header information in a .NET MVC-architecture API interface