为了保护我的网络API,我在行动声明之前添加了[Authorize],方法如下:
[Route("api/getvPaymentDues")]
[HttpGet]
[Authorize]
public dynamic getData()
{
var vPaymentDues = (from recordset in db.vPaymentDues
select new DTOvPaymentDue
{
UserName = recordset.UserName,
FullName = recordset.FullName,
ContactNum = recordset.ContactNum,
Address = recordset.Address,
AreaName = recordset.AreaName,
ColonyName = recordset.ColonyName,
PackageName = recordset.PackageName,
LastRenewDate = recordset.LastRenewDate,
PackageExpiryDate = recordset.PackageExpiryDate,
InvoiceAmount = recordset.InvoiceAmount,
ReceivedAmount = recordset.ReceivedAmount,
DueInDays = recordset.DueInDays
});
return new { data = vPaymentDues };
}
当我将api称为localhost/api/getvPaymentDues时,它正确地说{"Message":"Authorization has been denied for this request."}
我的问题是如何在请求中发送值(从ajax完成时),以便我的web api获得授权?
答案 0 :(得分:0)
答案:
我在我的应用程序中添加了身份验证(由cookie授权)。这解决了我的问题。
当用户登录时,本地系统中保存了一个cookie,并且(在其生命周期内)确保api调用正在通过身份验证。
不是一个完整的解决方案,但解决了我目前的目的。