Authorization in ASP.NET MVC 4 Web API

I've been following a series of videos on how to create a web API using MVC 4. The sixth video describes the authorization process, but it is both too complex for what I want, and it somehow redirects to a form (which makes no sense to me, but then I'm new to this stuff).

I've used APIs from other sites, and they usually use one of 2 methods:

  1. a token in the url (http://myurl/api/service/?token=[bunch of characters here])

  2. a username or password (or token) in the header

I'm leaning towards the second method, as it means I wouldn't have to add a parameter to each of my methods.

If I use this approach, do I need to add code to the beginning of each method to check the headers (request.headers?) for username/password (then find them in our database and see if they have permission to access this method)... Or is there a simpler way of doing this?

You can mark your Controller class with an attribute which is derived from AuthorizationFilterAttribute. http://msdn.microsoft.com/en-us/library/system.web.http.filters.authorizationfilterattribute(v=vs.108).aspx

In this case you will not need to write authorization checks in every method, but only in one place. This approach is well described under the following link:

http://www.tugberkugurlu.com/archive/api-key-authorization-through-query-string-in-asp-net-web-api-authorizationfilterattribute
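
A sketch of the filter approach from the answer, reading the key from a request header as the question prefers and also covering the per-method permission check. This is an added example, not code from the original post or the linked article; the `X-Api-Key` header name, the `ApiKeyAuthorizeAttribute` class, its `Permission` property, the `LookupPermissions` delegate and the `OrdersController` are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical filter: authenticates an API key from a header, then checks a permission.
public class ApiKeyAuthorizeAttribute : AuthorizationFilterAttribute
{
    private const string HeaderName = "X-Api-Key"; // assumed header name

    // Permission the controller/action requires; null means "any valid key".
    public string Permission { get; set; }

    // Assumption: wired to your database at startup. Receives the SHA-256 hex of
    // the presented key (so raw keys need not be stored) and returns the caller's
    // permissions, or null when the key is unknown.
    public static Func<string, string[]> LookupPermissions = keyHash => null;

    public override void OnAuthorization(HttpActionContext actionContext)
    {
        IEnumerable<string> values;
        string key = actionContext.Request.Headers.TryGetValues(HeaderName, out values)
            ? values.FirstOrDefault() : null;
        string[] granted = string.IsNullOrEmpty(key) ? null : LookupPermissions(Sha256Hex(key));

        // Setting Response short-circuits the pipeline; the action never runs.
        if (granted == null) // missing or unknown key
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        else if (Permission != null && !granted.Contains(Permission)) // valid key, wrong rights
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
    }

    private static string Sha256Hex(string value)
    {
        using (var sha = SHA256.Create())
            return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(value))).Replace("-", "");
    }
}

[ApiKeyAuthorize(Permission = "orders.read")] // one attribute covers every action
public class OrdersController : ApiController
{
    public IEnumerable<string> Get() { return new[] { "order-1", "order-2" }; }
}
```

Web API caches filter attribute instances, so the filter keeps no per-request state in fields; everything it needs comes from `actionContext`.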
