如何为Web API GET请求指定用户名和密码
[英]How to specify user name and password for Web API GET request
问题描述
ASP.NET MVC4 WebAPI application uses forms authentication for WebAPI: 
ASP.NET MVC4 WebAPI应用程序使用WebAPI的表单身份验证:
[Authorize]
public class EntityController : APIBase
{
public HttpResponseMessage Get(string id,
string _sidx = null,
string _sord = null,
uint _page = 1,
uint _rows = 100,
string _filters = null,
int? _dokumnr = null,
int? _vmnr = null,
string _isik = null,
uint _npage = 1,
bool _unpaid = false,
uint _layout = 0,
string _culture = null
)
{
....
This requires passing authentication cookie. 这需要传递身份验证cookie。 How to allow to call Get() method from browser url. 如何允许从浏览器URL调用Get()方法。
user name and password can specified in URL using 用户名和密码可以在URL中指定
http:://user:pass@mysite.com/API/Entity/Customer
or as query strings 或者作为查询字符串
http:://mysite.com/API/Entity/Customer?user=myuser&password=mypass
How to get user and password in API controller and log on by validation those credentials using form authentication just like Authorize attribute does ? 如何在API控制器中获取用户和密码,并使用表单身份验证验证这些凭据,就像授权属性一样?
Or is there better way to invoke this API method from browser url `? 或者有更好的方法从浏览器URL调用此API方法`?
1 个解决方案
解决方案1
1 已采纳 2015-12-09 23:59:05
First of all, you should use ViewModels, because your Actions have a lot parameters, and for security reasons you should not pass the username and password via querystring. 首先,您应该使用ViewModels,因为您的Actions有很多参数,出于安全考虑,您不应该通过querystring传递用户名和密码。 If you have a scenario more specific, you could create your own [Authorize] filter, and put your validation logic in there. 如果您的方案更具体,您可以创建自己的[Authorize]过滤器,并将验证逻辑放在那里。 Your authentication information, will hit the server via request Header. 您的身份验证信息将通过请求标头命中服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.