堆栈内存溢出
  繁体   English   中英

如何在Web API 2(ASP.Net Core)中实现基本身份验证?

[英]How to implement basic authentication in web API 2 (ASP.Net Core)?

 原文  2017-02-22 06:26:40       asp.net/ asp.net-core/ asp.net-web-api2

问题描述

我是asp.net核心和Web API 2的新手,并尝试在Web API中实现基本身份验证,例如请求标头包含用户名和密码,我将对其进行验证。 我已经使用动作过滤器在Web API中实现了同一件事。 现在我的问题是,可以在Web API 2中实现基本身份验证吗? 如果可能的话,我可以使用动作过滤器来实现它吗? Web API 2中进行身份验证的最佳方法是什么? 我应该使用中间件吗?

1 个解决方案

解决方案1
 1 已采纳  2017-02-22 16:17:41

我不确定您为什么说ASP.Net Core和Web API 2。 我们通常不会在两者同一个项目中使用。

现在我的问题是,可以在Web API 2中实现基本身份验证吗? 如果可能的话,我可以使用动作过滤器来实现它吗? Web API 2中进行身份验证的最佳方法是什么? 我应该使用中间件吗?

在Web API 2中,您可以使用DelegatingHandler轻松实现基本身份验证。

这是示例代码-

IBasicSecurityService 

public interface IBasicSecurityService
{
    bool SetPrincipal(string username, string password);
}

基本安全服务 

public class BasicSecurityService : IBasicSecurityService
{
    public bool SetPrincipal(string username, string password)
    {
        // Get user from database
        var user = GetUser(username);
        IPrincipal principal = null;
        if (user == null || (principal = GetPrincipal(user)) == null)
        {
            // System could not validate user
            return false;
        }

        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }

        return true;
    }

    public virtual IPrincipal GetPrincipal(User user)
    {
        var identity = new GenericIdentity(user.Username, Constants.SchemeTypes.Basic);

        identity.AddClaim(new Claim(ClaimTypes.GivenName, user.Firstname));
        identity.AddClaim(new Claim(ClaimTypes.Surname, user.Lastname));
        // Get authroized roles and add them as Role Claim.
        identity.AddClaim(new Claim(ClaimTypes.Role, "Manager"));

        return new ClaimsPrincipal(identity);
    }
}

BasicAuthenticationMessageHandler 

public class BasicAuthenticationMessageHandler : DelegatingHandler
{
    public const char AuthorizationHeaderSeparator = ':';
    private const int UsernameIndex = 0;
    private const int PasswordIndex = 1;
    private const int ExpectedCredentialCount = 2;

    private readonly IBasicSecurityService _basicSecurityService;

    public BasicAuthenticationMessageHandler(IBasicSecurityService basicSecurityService)
    {
        _basicSecurityService = basicSecurityService;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request,
        CancellationToken cancellationToken)
    {
        if (HttpContext.Current.User.Identity.IsAuthenticated)
        {
            // Already authenticated; passing on to next handler...
            return await base.SendAsync(request, cancellationToken);
        }

        if (!CanHandleAuthentication(request))
        {
            // Not a basic auth request; passing on to next handler...
            return await base.SendAsync(request, cancellationToken);
        }

        bool isAuthenticated;
        try
        {
            isAuthenticated = Authenticate(request);
        }
        catch (Exception e)
        {
            // Failure in auth processing
            return CreateUnauthorizedResponse();
        }

        if (isAuthenticated)
        {
            var response = await base.SendAsync(request, cancellationToken);
            return response;
        }

        return CreateUnauthorizedResponse();
    }

    public bool CanHandleAuthentication(HttpRequestMessage request)
    {
        return (request.Headers != null
                && request.Headers.Authorization != null
                && request.Headers.Authorization.Scheme.ToLowerInvariant() == Constants.SchemeTypes.Basic);
    }

    public bool Authenticate(HttpRequestMessage request)
    {
        // Attempting to authenticate...
        var authHeader = request.Headers.Authorization;
        if (authHeader == null)
        {
            return false;
        }

        var credentialParts = GetCredentialParts(authHeader);
        if (credentialParts.Length != ExpectedCredentialCount)
        {
            return false;
        }

        return _basicSecurityService.SetPrincipal(credentialParts[UsernameIndex], credentialParts[PasswordIndex]);
    }

    public string[] GetCredentialParts(AuthenticationHeaderValue authHeader)
    {
        var encodedCredentials = authHeader.Parameter;
        var credentialBytes = Convert.FromBase64String(encodedCredentials);
        var credentials = Encoding.ASCII.GetString(credentialBytes);
        var credentialParts = credentials.Split(AuthorizationHeaderSeparator);
        return credentialParts;
    }

    public HttpResponseMessage CreateUnauthorizedResponse()
    {
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(Constants.SchemeTypes.Basic));
        return response;
    }
}

致谢: ASP.NET Web API 2的第121页:从头到尾构建REST服务

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 ASP.NET Web API基本身份验证 ASP.NET Core Web API 身份验证 如何实现允许承载令牌身份验证或 api 密钥身份验证的 ASP.Net Core API Controller 为ASP.NET Web API 2应用程序启用Windows和基本身份验证 处理身份验证/授权:ASP.NET Core Web 应用程序 =&gt; ASP.NET Core Web API =&gt; SQL 在 ASP.NET Core 5.0 Web API 中实现 DelegatingHandler? ASP.NET Core 1.0 Web API 中的简单 JWT 身份验证 ASP.NET 内核 Web API 谷歌认证 如何使用基本身份验证创建asp.net网页 如何使用vuejs / vuex和ASP.NET Web API实现令牌身份验证和授权
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM