I pass a secret API key along with the username and password in the request body. After authorization a token is generated, which the client must pass in the Authorization header. On every request a base controller checks this token.

- The client calls myapp.com/authorize to obtain an authorization token.
- The client stores the authorization token locally.
- The client calls myapp.com/anycontroller with the authorization token in the Authorization header.

AuthorizeController inherits from Controller.
Anycontroller inherits from a custom base controller, which runs the authorization code.

My example needs the following route, which points POST requests at an ActionResult named post in any controller. I am typing this by hand to keep it as simple as possible and give you the basic idea, so don't expect cut and paste to work :)
```csharp
using System.Web.Mvc;
using System.Web.Routing;

// Registered in RouteConfig: any POST to /{controller} is dispatched to that controller's Post action.
routes.MapRoute(
    "post-object",
    "{controller}",
    new { controller = "Home", action = "post" },   // original had "{," here, a typo
    new { httpMethod = new HttpMethodConstraint("POST") }
);
```
Your authorization controller could use this:

```csharp
using System;
using System.IO;
using System.Web.Mvc;

public class AuthorizationController : Controller
{
    public ActionResult Post()
    {
        string authBody;
        var request = ControllerContext.HttpContext.Request;
        var response = ControllerContext.HttpContext.Response;
        // The body carries the API key, username and password
        using (var reader = new StreamReader(request.InputStream))
            authBody = reader.ReadToEnd();
        // Result of your auth method: verify the credentials in authBody and return a token
        var authToken = YourAuthMethod(authBody);
        response.Write(authToken);
        return new EmptyResult();
    }

    // Placeholder name for your own auth method; the answer leaves this to you
    private string YourAuthMethod(string authBody)
    {
        throw new NotImplementedException("verify authBody and return a token");
    }
}
```
Your other controllers inherit from a base controller.

```csharp
using System.Web.Mvc;
using System.Web.Routing;

public abstract class BaseController : Controller
{
    protected override void Execute(RequestContext requestContext)
    {
        var request = requestContext.HttpContext.Request;
        var response = requestContext.HttpContext.Response;
        // Read the header from the RequestContext: this.Request is not populated until base.Execute runs
        var authToken = request.Headers["Authorization"];
        var authorized = AmIAuthorized(authToken);
        if (!authorized)   // original had "authorized = false", an assignment that never rejects
        {
            response.StatusCode = 401;
            response.Write("Invalid token");
            return;
        }
        response.StatusCode = 200;
        base.Execute(requestContext);
    }

    // Your token check: look the token up wherever /authorize stored it
    protected abstract bool AmIAuthorized(string authToken);
}
```
Sample code for calling the API:

```csharp
using System.IO;
using System.Net;

// uri/queryString, token and postRequestData were free-standing fields in the original;
// here they are parameters so the method compiles on its own.
public static string ExecutePostRequest(string uri, string queryString, string contentType,
                                        string token, string postRequestData)
{
    var request = (HttpWebRequest)WebRequest.Create(uri + queryString);
    request.Method = "POST";
    request.ContentType = contentType;
    request.Headers["Authorization"] = token;   // token previously obtained from /authorize
    using (var writer = new StreamWriter(request.GetRequestStream()))
        writer.Write(postRequestData);

    HttpWebResponse response;
    try
    {
        response = (HttpWebResponse)request.GetResponse();
    }
    catch (WebException ex)
    {
        // A 401 from BaseController surfaces as a WebException carrying the response
        response = (HttpWebResponse)ex.Response;
        if (response == null)
            throw;   // no response at all (DNS, connection refused, ...): nothing to read
    }

    using (response)
    using (var reader = new StreamReader(response.GetResponseStream()))
        return reader.ReadToEnd();
}
```
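As an added example, not code from this answer: a hypothetical TokenStore that could sit behind the two placeholders above, with /authorize calling Issue() after the credentials in the body check out and AmIAuthorized calling Validate() with the raw Authorization header value (which in this answer is the bare token). It assumes .NET Framework 4.x or later, keeps only SHA-256 hashes of issued tokens and expires them after a fixed lifetime.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory token store (added example, not from the answer above).
// Issue() backs AuthorizationController.Post; Validate() backs BaseController.AmIAuthorized.
public sealed class TokenStore
{
    // Keyed by the SHA-256 of the token: a dump of this table exposes no usable tokens,
    // and the lookup never compares the secret itself byte by byte.
    private readonly ConcurrentDictionary<string, DateTime> _expiryByHash =
        new ConcurrentDictionary<string, DateTime>();
    private readonly TimeSpan _lifetime;

    public TokenStore(TimeSpan lifetime) { _lifetime = lifetime; }

    public string Issue()
    {
        var raw = new byte[32];                          // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(raw);
        var token = Convert.ToBase64String(raw);
        _expiryByHash[Hash(token)] = DateTime.UtcNow.Add(_lifetime);
        return token;
    }

    public bool Validate(string authorizationHeader)
    {
        if (string.IsNullOrWhiteSpace(authorizationHeader))
            return false;                                // no header at all
        var key = Hash(authorizationHeader.Trim());
        DateTime expires;
        if (!_expiryByHash.TryGetValue(key, out expires))
            return false;                                // never issued, or already removed
        if (expires > DateTime.UtcNow)
            return true;
        _expiryByHash.TryRemove(key, out expires);       // expired: drop it so it cannot return
        return false;
    }

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }
}
```

Because the store is per-process, a web farm would need a shared backing store (database or cache) in place of the dictionary.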