標籤:style class blog code http tar
HTTP Message Handler
在 Web Api 2 認證與授權 中講解了幾種實現機制,本篇就詳細講解 Message Handler 的實現方式
關於 Message Handler 在 request 到 response 過程所處於的位置,可以參考這裡 HTTP Message Handlers
Authentication Message Handler
先看一段實現的代碼,然後再做講解,完整代碼可以在 Github 上參考,WebApi2.Authentication
1 using System; 2 using System.Net; 3 using System.Net.Http; 4 using System.Security.Claims; 5 using System.Threading; 6 using System.Threading.Tasks; 7 // WebPrint.Framework reference https://github.com/LeafDuan/WebPrint/tree/master/WebPrint.Framework 8 using WebPrint.Framework; 9 10 namespace Server.Helper11 {12 // references13 // http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API14 // http://dgandalf.github.io/WebApiTokenAuthBootstrap/15 public class AuthenticationMessageHandler : DelegatingHandler16 {17 protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,18 CancellationToken cancellationToken)19 {20 if (request.Headers.Authorization == null)21 {22 var reply = request.CreateResponse(HttpStatusCode.Unauthorized, "Missing authorization token.");23 24 return Task.FromResult(reply);25 }26 27 try28 {29 var encryptedToken = request.Headers.Authorization.Parameter;30 var token = Token.Decrypt(encryptedToken);31 //bool isValidUser32 var isIpMathes = token.ClientIp.EqualTo(request.GetClinetIp());33 34 if (!isIpMathes)35 {36 var reply = request.CreateResponse(HttpStatusCode.Unauthorized, "Invalid authorization token");37 return Task.FromResult(reply);38 }39 40 var principal = new ClaimsPrincipal(new ClaimsIdentity(new[]41 {42 new Claim(ClaimTypes.Name, token.UserId.ToString())43 }, "Basic"));44 45 // authorize attribute 46 request.GetRequestContext().Principal = principal;47 }48 catch (Exception ex)49 {50 var reply = request.CreateErrorResponse(HttpStatusCode.Unauthorized, ex.Message);51 return Task.FromResult(reply);52 }53 54 return base.SendAsync(request, cancellationToken);55 }56 }57 }
實現也是很簡單,通過繼承 DelegatingHandler 重寫 SendAsync 方法實現,整個流程需要的步驟如下:
1 登入,通過 api/auth 接收登入資訊,驗證後產生一個 token
2 每次請求判斷 request.Headers.Authorization 參數,看是否攜帶 token (Http Client 將步驟 1 中的 token 設定到 request.Headers.Authorization)
3 解析 token,佈建要求內容相關的 Principal 用於 Authorize 屬性使用
基本過程就差不多這三部曲,其中關於 token 的驗證,如是否逾時,是否重複,可自行想辦法去實現
Web Api Config
大家都知道 Message Handler 在 pipeline 裡是在 controller 之前運行,因此請求所有的 Api Controller 都會先執行 handler,因此針對登入,需要給予額外的照顧,允許匿名訪問,實現方法:handler 可以是全域的,也可以是 per router 的,因此此處通過後一種方式實現:
1 using System.Linq; 2 using System.Net.Http.Formatting; 3 using System.Web.Http; 4 using System.Web.Http.Dispatcher; 5 using Newtonsoft.Json; 6 using Server.Helper; 7 8 namespace Server 9 {10 public static class WebApiConfig11 {12 public static void Register(HttpConfiguration config)13 {14 config.MapHttpAttributeRoutes();15 16 config.Routes.MapHttpRoute(17 name: "Authentication",18 routeTemplate: "api/auth",19 defaults: new {controller = "account"}20 );21 22 config.Routes.MapHttpRoute(23 name: "DefaultApi",24 routeTemplate: "api/{controller}/{id}",25 defaults: new {id = RouteParameter.Optional},26 constraints: null,27 handler: new AuthenticationMessageHandler {InnerHandler = new HttpControllerDispatcher(config)}28 );29 30 var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First();31 32 jsonFormatter.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;33 jsonFormatter.SerializerSettings.ContractResolver = new NHibernateContractResolver();34 }35 }36 }
總結
最近匆匆忙忙使用託管在 Owin Self Host 上的 Web Api 2,遇到問題頗多,很多也是匆匆忙忙解決的,這裡也就匆匆忙忙做一個分享。
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
