Web api如何使用从API发送的令牌

Question

已经挖了3天，仍然无法找到一个好的答案。真的很感谢，如果有人可以帮助我 例如。客户端使用登录功能从www.client.com到 我的web api验证成功并向用户发送令牌。客户如何使用令牌API返回与

[RoutePrefix("api/Customer")] 
public class CustomerController : ApiController 
{ 
    List<customer> list = new List<customer>() { new customer {id=1 ,customerName="Marry",age=13}, 
     new customer { id = 2, customerName = "John", age = 24 } }; 
    [Route("GetExployeeByID/{id:long}")] 
    [HttpGet] 
    [Authorize] 
    public customer GetExployeeByID(long id) 
    { 
     return list.FirstOrDefault(x => x.id == id); 
    } 
} 

客户端脚本

function login() { 
    $.ajax({ 
     url: 'http://www.azapi.com:81/token', 
     contenttype: 'application/json', 
     data: { username: 'admin@admin.com', password: 'P@ssw0rd', grant_type: 'password' }, 
     type: 'post', 
     crossDomain: true, 
     success: function (data) { 
      sessionStorage.setItem('token', data.access_token) 
     }, 
     error: function (err) { 
      debugger 
      alert('error') 
     } 

    }) 
} 

function getEmployee() { 
    $.ajax({ 
     url: 'http://www.azapi.com:81/api/customer/GetExployeeByID/1', 
     datatype: "json", 
     type: 'get', 
     headers: { 
      "access_token": sessionStorage.getItem("token") 
     }, 
     crossDomain: true, 
     success: function (data) { 
      debugger 
      alert(data.customerName) 
     }, 
     error: function (err) { 
      debugger 
      alert('error') 
     } 

    }) 
} 

属性的方法来访问的方法。客户端呼吁从跨域全光照阿贾克斯的方法和我的WebAPI已经在web.config中

Answer 1

打开的WebAPI配置和CRO公司政策的CRO当他们送他们应该添加一个名为“授权”与头值的请求你的令牌。

然后，当请求到来时，你可以拉出来的标题和工艺验证控制

Answer 2

你应该写一个自定义AuthorizationAttribute这样的：

public class CheckAttendeeNameAttribute : System.Web.DomainServices.AuthorizationAttribute 
{  
    public override bool Authorize(System.Security.Principal.IPrincipal principal) 
    { 
     if (principal.IsInRole("Attendee") && principal.Identity.Name.StartsWith("A")) 
     { 
      return true; 
     } 
     else 
     { 
      return false; 
     } 
    } 
} 

Answer 3

一旦用户通过验证后，他可以送

using System; 
using System.Web; 
using System.Web.Mvc; 
using System.Web.Routing; 


    namespace WebApplication1.Models 
    { 
     public class AuthorizeFilter : AuthorizeAttribute 
     { 
      public bool verifyToken(string token) 
      { 
       return false; 
      } 
      protected override bool AuthorizeCore(HttpContextBase httpContext) 
      { 

       // Get the headers 
       var headers = httpContext.Request.Headers; 
       //your token verification 
       if (verifyToken(headers["SomeHeader"])) 
       { 
        return true; 
       } 
       return false; 

      } 



      protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) 
      { 
       try 
       { 
        filterContext.Result = new RedirectToRouteResult(new 
        RouteValueDictionary(new { controller = "Home", action = "NotAuthorzied" })); 
       } 
       catch (Exception ex) 
       { 

       } 
      } 
     } 
    } 

Answer 4

：在请求头令牌，您可以在Authorize过滤一些类似下面的代码检查请求头试试这个：使用这个作为你的控制器方法上的过滤器

public class AuthorizationFilter : AuthorizeAttribute 
{ 

      protected override bool IsAuthorized(HttpActionContext actionContext) 
      { 
       var isAuthenticated = base.IsAuthorized(actionContext); 

       if (isAuthenticated) 
       { 
        var headers = actionContext.Request.Headers; 

        IEnumerable<string> header; 

        headers.TryGetValues("AuthorizationHeaderName", out header); 
        var token = header.GetEnumerator().Current; 

        //validate your token 
        if (tokenVerification(token)) 
        { 
         return true; 
        } 

        return false; 
       } 

      } 

     private bool tokenVerification (string token) 
     { 
      if // valid token 
      return true; 
      else return false; 
     } 

}