我正在创建.Net Core API,但遇到一个问题,我想在密码中保留'$'特殊字符。
我不知道为什么,当我用POST方法把密码放在请求URL中发送时,'$'会被改成%24
我尝试更改Normalize的用法,但没有用...
由员工控制器调用的身份验证控制器:
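/// <summary>
/// Validates a Windows user name and password by calling the Win32 <c>LogonUser</c> API.
/// </summary>
/// <remarks>
/// Despite its name this is a static helper class, not an MVC controller; nothing here is
/// routed. The password is passed to the native API as a managed string and is never
/// stored by this class.
/// </remarks>
public static class AuthenticationController
{
    /// <summary>
    /// Owns the token handle returned by <c>LogonUser</c> and releases it through
    /// <c>CloseHandle</c>.
    /// </summary>
    private class SafeTokenHandle : SafeHandleZeroOrMinusOneIsInvalid
    {
        private SafeTokenHandle() // called by P/Invoke
            : base(true)
        {
        }

        protected override bool ReleaseHandle()
        {
            return CloseHandle(this.handle);
        }
    }

    private enum LogonType : uint
    {
        Network = 3, // LOGON32_LOGON_NETWORK
    }

    private enum LogonProvider : uint
    {
        WinNT50 = 3, // LOGON32_PROVIDER_WINNT50
    }

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool CloseHandle(IntPtr handle);

    // CharSet.Unicode binds to LogonUserW. Without it the default ANSI marshalling converts
    // the strings through the system code page, so a password containing characters outside
    // that code page can be altered before it reaches the API.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(
        string userName, string domain, string password,
        LogonType logonType, LogonProvider logonProvider,
        out SafeTokenHandle token);

    /// <summary>
    /// Attempts a network logon for the given credentials and discards the resulting token.
    /// </summary>
    /// <param name="userName">Account name passed to <c>LogonUser</c>.</param>
    /// <param name="password">Plain-text password passed to <c>LogonUser</c>.</param>
    /// <exception cref="Win32Exception">
    /// The logon failed; <see cref="Win32Exception.NativeErrorCode"/> carries the Win32 error.
    /// </exception>
    public static void AuthenticateUser(string userName, string password)
    {
        // Hard-coded in the original; presumably a placeholder for the real domain name.
        string domain = "domain";

        bool loggedOn = LogonUser(
            userName, domain, password,
            LogonType.Network, LogonProvider.WinNT50,
            out SafeTokenHandle token);

        // Read the error before any other P/Invoke marked SetLastError can overwrite it.
        int lastError = Marshal.GetLastWin32Error();

        // The token is only proof that the logon succeeded; release it on every path.
        using (token)
        {
            if (!loggedOn)
            {
                throw new Win32Exception(lastError);
            }
        }
    }
}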
员工控制器:
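/// <summary>
/// API endpoint that checks a user's Windows credentials through
/// <c>AuthenticationController.AuthenticateUser</c>.
/// </summary>
[Route("api/[controller]")]
[ApiController]
public class EmployeeController : Controller
{
    private readonly intranetApplicationAPIContext _context;

    public EmployeeController(intranetApplicationAPIContext context)
    {
        _context = context;
    }

    /// <summary>
    /// Authenticates the supplied credentials and returns the user name on success.
    /// </summary>
    /// <param name="username">Account name to authenticate.</param>
    /// <param name="password">Plain-text password for that account.</param>
    /// <returns>
    /// 200 with the user name when the logon succeeds; 400 with a message when
    /// <c>AuthenticateUser</c> throws a <see cref="Win32Exception"/>.
    /// </returns>
    /// <remarks>
    /// NOTE(review): with [ApiController] and no binding-source attribute, simple string
    /// parameters are bound from the query string, so the password travels in the URL
    /// (percent-encoded, e.g. '$' as %24) and can end up in server and proxy logs. Moving
    /// both values into the request body changes the client contract, so it is flagged
    /// here rather than changed.
    /// </remarks>
    [HttpPost]
    public ActionResult GetEmployee(string username, string password)
    {
        try
        {
            AuthenticationController.AuthenticateUser(username, password);

            // The original echoed "username-password"; the password must never be
            // written back into a response, where it can be cached or logged.
            return Ok(username);
        }
        catch (Win32Exception ex)
        {
            // NOTE(review): the distinct messages below tell an unauthenticated caller
            // whether an account exists, is disabled or is locked out. Consider one
            // generic failure message and keep the detail in server-side logs.
            switch (ex.NativeErrorCode)
            {
                case 1326: // ERROR_LOGON_FAILURE (incorrect user name or password)
                    return BadRequest($"Error code : {ex.NativeErrorCode} Incorrect username or password");
                case 1327: // ERROR_ACCOUNT_RESTRICTION
                    return BadRequest($"Error code : {ex.NativeErrorCode} Account restriction");
                case 1330: // ERROR_PASSWORD_EXPIRED
                    return BadRequest($"Error code : {ex.NativeErrorCode} Password expired");
                case 1331: // ERROR_ACCOUNT_DISABLED
                    return BadRequest($"Error code : {ex.NativeErrorCode} Account disabled");
                case 1907: // ERROR_PASSWORD_MUST_CHANGE
                    return BadRequest($"Error code : {ex.NativeErrorCode} Password must change");
                case 1909: // ERROR_ACCOUNT_LOCKED_OUT
                    return BadRequest($"Error code : {ex.NativeErrorCode} Account locked out");
                default: // Other
                    return BadRequest("An error has occured");
            }
        }
    }
}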
答案 0 :(得分:0)
不建议在URL中发送密码或用户的私人信息(监听网络的人可以看到请求URL并窃取用户密码)。即使使用HTTPS,URL也常常会被记录在服务器日志、代理日志和浏览器历史中。您可以把这些信息放在POST请求的正文中(并通过HTTPS)发送,这样既不会遇到这种URL编码问题,也能更安全地完成处理。