方式一、全局认证
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API 配置和服务
config.Filters.Add(new ApiAuthorizeAttribute());
}
}
方式二、局部认证
在控制器前加认证特性[ApiAuthorizeAttribute],方法名前加认证特性
[ApiAuthorizeAttribute]
public class ValuesController : ApiController
{
[Authorize]
public void Post([FromBody]string value)
{
}
}
以下为自定义授权筛选器文件
/// <summary>
/// 授权筛选器
/// </summary>
public class ApiAuthorizeAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var tokenHeader = from t in actionContext.Request.Headers where t.Key == "token" select t.Value.FirstOrDefault();
if (tokenHeader != null)
{
string token = tokenHeader.FirstOrDefault();
if (!string.IsNullOrEmpty(token))
{
try
{
return true;
}
catch (Exception ex)
{
return false;
}
}
}
return false;
}
/// <summary>
/// 处理授权失败的请求
/// </summary>
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, new
{
code = "3001",
msg = "false",
data = new { }
}, "application/json");
}
}