[英]Request to Web Api from RestClient
I am using web api in xamarin forms. 我正在以Xamarin形式使用Web API。 After login with microsoft account i am sending access token with request, every end point is working.
使用Microsoft帐户登录后,我正在发送带有请求的访问令牌,每个端点都在工作。 But now we have implement the roles on controller based.
但是现在我们已经基于控制器实现了角色。 I have used custom authentication.
我使用了自定义身份验证。 I want to get the userID from request, that is not coming with client request.
我想从请求中获取用户ID,这不是客户端请求所附带的。 My concern is, Should i get the user detail with token or any other way?
我的担心是,我应该使用令牌还是其他方式获取用户详细信息? please guide me.
请指导我。 Steps that i am following to use the service:- 1. Login with Microsoft Account.
我要使用该服务的步骤如下:1.使用Microsoft帐户登录。 2. Get Access token and Pass in request header.
2.获取访问令牌并传递请求标头。
here is web api Custom AuthorizationFilter code:- 这是Web api自定义AuthorizationFilter代码:-
public override void OnAuthorization(HttpActionContext actionContext)
{
WMSEntities db = new WMSEntities();
//IEnumerable<string> auth_token;
//actionContext.Request.Headers.TryGetValues("x-zumo-auth", out auth_token);
//var result = Get<List<AzureUserDetail>>(HttpWebRequest.Create(url + "/.auth/me"), auth_token.FirstOrDefault(), null)?.FirstOrDefault();
//actionContext.Request.Headers.TryGetValues("email", out auth_token);
string userID = actionContext.ControllerContext.RequestContext.Principal.Identity.Name;
var user = db.UserProfiles.FirstOrDefault(x => x.Name == userID);
if (user == null)
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
else
{
bool ok = false;
foreach (var item in user.AppRoles)
{
foreach (string ar in accessRoleNames)
{
if (item.Name == ar)
ok = true;
}
}
db.Dispose();
if (!ok)
actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized);
}
base.OnAuthorization(actionContext);
}
Should i un-comment the three lines code or any other way to get the userID. 我应该取消注释三行代码或获取用户ID的任何其他方式。
Since you are using token based auth, I would get user info based on the token. 由于您使用的是基于令牌的身份验证,因此我将基于令牌获取用户信息。
You might run into the case where a user does not have a Identity on the server, but they have submitted a valid auth token. 您可能会遇到以下情况:用户在服务器上没有身份,但是他们提交了有效的身份验证令牌。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.