webapi里的特性

/// <summary>

    ///  Basic验证

    /// </summary>

    /// <remarks>

    ///

    /// </remarks>

    public class BasicAuthorizeAttibute : AuthorizeAttribute

    {

        public override void OnAuthorization(HttpActionContext actionContext)

        {

            var authorization = actionContext.Request.Headers.Authorization; //HTTP标头的Authorization值

            //ActionDescriptor方法上，ActionDescriptor.ControllerDescriptor 类上

            //有[AllowAnonymousAttribute] 的情况下

            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0

                || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0)

            {

                base.OnAuthorization(actionContext);

            }

            else if (authorization != null && authorization.Parameter != null)

            {

                //用户逻辑验证

                if (ValidateTicket(authorization.Parameter))

                {

                    base.IsAuthorized(actionContext);

                }

                else

                {

                    this.HandleUnauthorizedRequest(actionContext);

                }

            }

            else

            {

                this.HandleUnauthorizedRequest(actionContext);

            }

        }

        /// <summary>

        ///  验证用户逻辑

        /// </summary>

        /// <param name="encryptTicket" type="string">

        ///

        /// </param>

        ///

        private bool ValidateTicket(string encryptTicket)

        {

           // var strTicket = FormsAuthentication.Decrypt(encryptTicket.Remove(encryptTicket.Length - 1).Remove(0, 1));

            var strTicket = FormsAuthentication.Decrypt(encryptTicket);

            return string.Equals(strTicket.UserData, string.Format("{0}&{1}", "admin", "123"));

        }

    }

获取ticket

        [AllowAnonymous]

        [HttpGet]

        public HttpResponseMessage Login(string account, string password)

        {

            Model.User user = new User();

            if (account == "admin" && password == "123")

            {

                FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(0, account, DateTime.Now,

                           DateTime.Now.AddHours(1), true, string.Format("{0}&{1}", account, password),

                           FormsAuthentication.FormsCookiePath);

                return Success(user = new User() { name = account, pass = password, ticket = FormsAuthentication.Encrypt(ticket) });

            }

            else

            {

                return Msg("登录失败");

            }

        }

MVC里面请求头（后台请求）

public string GetApi(string method, string queryString)

        {

            var result = ApiHelper.Instance.RequestApi(method, queryString, GetApiHeader());

            return result;

        }

private WebHeaderCollection GetApiHeader()

        {

            string key = string.Format(GlobalVar.UserTiketCacheKey);

            var result = CacheHelper.CacheReader(key);

            WebHeaderCollection header = new WebHeaderCollection();

            header.Add(HttpRequestHeader.Authorization, "BasicAuth " + result);

            return header;

        }