1、定义认证失败结果生成器
/// <summary>
/// 认证失败结果生成器
/// </summary>
public class AuthenticationFailureResult : IHttpActionResult
{
public AuthenticationFailureResult(string reasonPhrase, HttpRequestMessage request)
{
ReasonPhrase = reasonPhrase;
Request = request;
} public string ReasonPhrase { get; private set; } public HttpRequestMessage Request { get; private set; } public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
{
return Task.FromResult(Execute());
} private HttpResponseMessage Execute()
{
return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, this.ReasonPhrase);
}
}
2、定义自定义认证过滤器(基于Cookie)
/// <summary>
/// 自定义认证
/// </summary>
public class CustomAuthenticationFilter : Attribute, IAuthenticationFilter
{
public virtual bool AllowMultiple
{
get { return false; }
} public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
var principal = await this.AuthenticateAsync(context.Request);
if (principal == null)
{
context.Request.Headers.GetCookies().Clear();
context.ErrorResult = new AuthenticationFailureResult("未授权请求", context.Request);
}
else
{
context.Principal = principal;
}
} public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
{
return Task.FromResult();
} private Task<IPrincipal> AuthenticateAsync(HttpRequestMessage request)
{
return Task.Run<IPrincipal>(() =>
{
CookieHeaderValue cookieMobile = request.Headers.GetCookies("clientMobile").FirstOrDefault(),
cookieToken = request.Headers.GetCookies("clientToken").FirstOrDefault();
if (cookieMobile == null || cookieToken == null
|| string.IsNullOrWhiteSpace(cookieMobile["clientMobile"].Value)
|| string.IsNullOrWhiteSpace(cookieToken["clientToken"].Value))
{
return null;
} string mobile = cookieMobile["clientMobile"].Value,
token = cookieToken["clientToken"].Value;
ClientDTO client = null;
//此处从Redis服务器中取出指定用户,各位可以根据需要自行更换
using (ICache cache = ObjectContainer.Current.Resolve<ICacheFactory>().CreateCache())
{
client = cache.Get<ClientDTO>(RedisTables.CLIENT, mobile);
}
//验证用户合法性,如果合法,构建声明式安全主题权限模式并返回,若用户验证不通过返回空
if (client != null && string.Equals(token, Md5Helper.MD5(string.Format("{0}{1}", mobile, client.MsgCode), ), StringComparison.Ordinal))
{
IEnumerable<Claim> claims = new List<Claim>()
{
new Claim(ClaimTypes.Name, mobile)
};
var identity = new ClaimsIdentity("LoanCookie");
identity.AddClaims(claims);
return new ClaimsPrincipal(identity);
} return null;
});
}
}
3、将认证特性标记应用于全局、控制器或控制器操作,以控制器操作为例: