如果验证失败,会返回 401 Unauthorized
并且通过 response.Headers.WwwAuthenticate 头信息 获取 AuthenticationHeaderValue ,从而获取 验证规则,以及服务器传的值
比如 在程序中 给头信息赋值 credential,client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(credential));
在验证 AuthenticateAsync 中通过 string credential = Encoding.Default.GetString(Convert.FromBase64String(headerValue.Parameter)); 来取值,进行判断
验证过后,过滤器会调用 ChallengeAsync 方法 ,获取验证的Principal,如果不为空且 验证有效,则不返回401 权限不通过提示
//IPrincipal user = context.ActionContext.ControllerContext.RequestContext.Principal;
IPrincipal user = Thread.CurrentPrincipal;
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
namespace Client
{
class Program
{
static void Main(string[] args)
{
Console.OutputEncoding = Encoding.UTF8;
HttpClient client = new HttpClient();
HttpResponseMessage response = client.GetAsync("http://localhost:3721/api/demo").Result;
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
Console.WriteLine("认证失败");
AuthenticationHeaderValue challenge = response.Headers.WwwAuthenticate.FirstOrDefault();
if (challenge != null && challenge.Scheme == "Basic")
{
Console.Write("输入用户名:");
string userName = Console.ReadLine().Trim();
Console.Write("输入密码:");
string password = Console.ReadLine().Trim();
byte[] credential = Encoding.Default.GetBytes(string.Format("{0}:{1}", userName, password));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", Convert.ToBase64String(credential));
response = client.GetAsync("http://localhost:3721/api/demo").Result;
string result = response.Content.ReadAsAsync<string>().Result;
Console.WriteLine(result);
}
}
Console.ReadLine();
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using System.Web.Http.Filters;
using System.Web.Http.Results;
namespace WebApi
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthenticateAttribute : FilterAttribute, IAuthenticationFilter
{
private static Dictionary<string, string> userAccounters;
static AuthenticateAttribute()
{
userAccounters = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
userAccounters.Add("Foo", "Password");
userAccounters.Add("Bar", "Password");
userAccounters.Add("Baz", "Password");
}
public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
IPrincipal user = null;
AuthenticationHeaderValue headerValue = context.Request.Headers.Authorization;
if (null != headerValue && headerValue.Scheme == "Basic")
{
string credential = Encoding.Default.GetString(Convert.FromBase64String(headerValue.Parameter));
string[] split = credential.Split(':');
if (split.Length == 2)
{
string userName = split[0];
string password;
if (userAccounters.TryGetValue(userName, out password))
{
if (password == split[1])
{
GenericIdentity identity = new GenericIdentity(userName);
user = new GenericPrincipal(identity, new string[0]);
}
}
}
}
context.Principal = user;
return Task.FromResult<object>(null);
}
public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
{
IPrincipal user = context.ActionContext.ControllerContext.RequestContext.Principal;
if (null == user || !user.Identity.IsAuthenticated)
{
string parameter = string.Format("realm=\"{0}\"", context.Request.RequestUri.DnsSafeHost);
AuthenticationHeaderValue challenge = new AuthenticationHeaderValue("Basic", parameter);
context.Result = new UnauthorizedResult(new AuthenticationHeaderValue[] { challenge }, context.Request);
}
return Task.FromResult<object>(null);
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
namespace WebApi.Controllers
{
[Authenticate]
public class DemoController : ApiController
{
public string Get()
{
return "成功调用!";
}
}
}