读取ASP.NET WEB API中的每个传入请求(URL)
[英]Reading every incoming request (URL) in ASP.NET WEB API
问题描述
I was using ASP.NET MVC framework. 
我使用的是ASP.NET MVC框架。 In this framework, we checked every incoming request (url) for some key and assigned it to a property. 在此框架中,我们检查了某些密钥的每个传入请求(url)并将其分配给属性。 We created a custom class which derived from Controller class & we override OnActionExecuting() to provide our custom logic. 我们创建了一个派生自Controller类的自定义类,我们重写 OnActionExecuting()以提供我们的自定义逻辑。
How can we achieve the same in ASP.NET WEB API? 我们如何在ASP.NET WEB API中实现相同的目标?
//Implementation from ASP.NET MVC
public class ApplicationController : Controller
{
public string UserID { get; set; }
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (!string.IsNullOrEmpty(Request.Params["uid"]))
UserID = Request.Params["uid"];
base.OnActionExecuting(filterContext);
}
}
What I have tried in ASP.NET WEB API: -- Though this is working, I wonder if this is the correct approach? 我在ASP.NET WEB API中尝试过的: - 虽然这是有效的,但我想知道这是否是正确的方法?
Created a base controller 创建了一个基本控制器
public class BaseApiController : ApiController
{
public string UserID { get; set; }
}
Created another class which inherits ActionFilterAttribute class & I override OnActionExecuting() 创建了另一个继承ActionFilterAttribute类的类,我重写了OnActionExecuting()
public class TokenFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
{
var queryString = actionContext.Request.RequestUri.Query;
var items = HttpUtility.ParseQueryString(queryString);
var userId = items["uid"];
((MyApi.Data.Controllers.BaseApiController)(actionContext.ControllerContext.Controller)).UserID = userId;
}
}
Now register this class 现在注册这个课程
public static void Register(HttpConfiguration config)
{
config.Filters.Add(new TokenFilterAttribute());
}
1 个解决方案
解决方案1
8 2014-09-02 09:34:56
You can use message handlers from ASP.NET Web API. 您可以使用ASP.NET Web API中的消息处理程序。 It is a typical security scenation, when you need to get some user token from query string, URL or HTTP Header 当您需要从查询字符串,URL或HTTP标头获取一些用户令牌时,这是一种典型的安全方案
http://www.asp.net/web-api/overview/advanced/http-message-handlers http://www.asp.net/web-api/overview/advanced/http-message-handlers
1.When you need simply to extract userId from URL, then use it as parameter for your Api method and ASP.NET WebAPI will do work for you, like 1.当您只需从URL中提取userId时,请将其用作Api方法的参数,ASP.NET WebAPI将为您工作,如
[HttpGet, Route("{userId}/roles")]
public UserRoles GetUserRoles(string userId, [FromUri] bool isExternalUser = true)
It work for such request 它适用于此类请求
http://.../15222/roles?isExternalUser=false
2.If it is security scenario, please refer to http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api Basically you will need some MessageHandler or you can use filter attributes as well, it is mechanism in ASP.NET Web API to intercept each call. 2.如果是安全方案,请参考http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api基本上你需要一些MessageHandler或者你也可以使用过滤器属性,它是ASP.NET Web API中拦截每个调用的机制。
If you need to process each request then MessageHandler is your way. 如果您需要处理每个请求,那么MessageHandler就是您的方式。 You need implement MessageHanler and then register it. 您需要实现MessageHanler然后注册它。
To say easily, typical MessageHandler is class derived from MessageHandler or DelegatingHandler with SendAsync method overriden: 简单地说,典型的MessageHandler是从MessageHandler派生的类或者使用SendAsync方法覆盖的DelegatingHandler:
class AuthenticationHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
// Your code here
return base.SendAsync(request, cancellationToken);
}
}
And you need register it
static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Other code for WebAPI registerations here
config.MessageHandlers.Add(new AuthenticationHandler());
}
}
and call it from Global.asax.cs 并从Global.asax.cs调用它
WebApiConfig.Register(GlobalConfiguration.Configuration); WebApiConfig.Register(GlobalConfiguration.Configuration);
Some example dummy hypotetical implementation of such handler (here you need to imeplement your UidPrincipal from IPrincipal and UidIdentity from IIdentity) 这种处理程序的虚拟hypotetical实现的一些示例(这里你需要从IPrincipal和IIdentity的UidIdentity中补充你的UidPrincipal)
public class AuthenticationHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
try
{
var queryString = actionContext.Request.RequestUri.Query;
var items = HttpUtility.ParseQueryString(queryString);
var userId = items["uid"];
// Here check your UID and maybe some token, just dummy logic
if (userId == "D8CD2165-52C0-41E1-937F-054F24266B65")
{
IPrincipal principal = new UidPrincipal(new UidIdentity(uid), null);
// HttpContext exist only when hosting as asp.net web application in IIS or IISExpress
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
else
{
Thread.CurrentPrincipal = principal;
}
return base.SendAsync(request, cancellationToken);
}
catch (Exception ex)
{
this.Log().Warn(ex.ToString());
return this.SendUnauthorizedResponse(ex.Message);
}
}
else
{
return this.SendUnauthorizedResponse();
}
}
catch (SecurityTokenValidationException)
{
return this.SendUnauthorizedResponse();
}
}
}
And lets access it from some ASP.NET WebApi method or some property in WebAPI class 并允许从一些ASP.NET WebApi方法或WebAPI类中的某些属性访问它
var uid = ((UidIdentity)User.Identity).Uid
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.