如何在asp.net核心api中使用基本身份验证?我下面有asp.net Web API控制器。如何使用中间件进行身份验证或任何其他方法 在ASP.NET Core Web API中实现基本身份验证。
namespace Test.Web.Controllers
{
[Route("api/[controller]")]
public class TestAPIController : Controller
{
// GET: api/<controller>
[HttpGet]
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// GET api/<controller>/5
[HttpGet("{id}")]
public string Get(int id)
{
return "value";
}
// POST api/<controller>
[HttpPost]
public void Post([FromBody]string value)
{
}
// PUT api/<controller>/5
[HttpPut("{id}")]
public void Put(int id, [FromBody]string value)
{
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
public void De`enter code here`lete(int id)
{
}
}
}
我见过以下中间件。如何在控制器中使用中间件? 我需要配置任何其他设置吗?
public class AuthenticationMiddleware
{
private readonly RequestDelegate _next;
public AuthenticationMiddleware(RequestDelegate next)
{
_next = next;
}
public async Task Invoke(HttpContext context)
{
string authHeader = context.Request.Headers["Authorization"];
if (authHeader != null && authHeader.StartsWith("Basic"))
{
//Extract credentials
string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
Encoding encoding = Encoding.GetEncoding("iso-8859-1");
string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
int seperatorIndex = usernamePassword.IndexOf(':');
var username = usernamePassword.Substring(0, seperatorIndex);
var password = usernamePassword.Substring(seperatorIndex + 1);
if(username == "test" && password == "test" )
{
await _next.Invoke(context);
}
else
{
context.Response.StatusCode = 401; //Unauthorized
return;
}
}
else
{
// no authorization header
context.Response.StatusCode = 401; //Unauthorized
return;
}
}
}
答案 0 :(得分:3)
您快到了。
UseMiddleware<YourBasicMiddleware>()
之前添加UseMvc()
即可。 只需添加一个具有公共void Configure(IApplication)
方法的类:
public class BasicFilter
{
public void Configure(IApplicationBuilder appBuilder) {
// note the AuthencitaionMiddleware here is your Basic Authentication Middleware ,
// not the middleware from the Microsoft.AspNetCore.Authentication;
appBuilder.UseMiddleware<AuthenticationMiddleware>();
}
}
现在您可以使用中间件来过滤某些操作:
[Route("api/[controller]")]
[MiddlewareFilter(typeof(BasicFilter))]
[ApiController]
public class TestApiController : ControllerBase
{
// ...
}
现在,当您发送不带身份验证标头的请求时:
GET https://localhost:44371/api/TestApi HTTP/1.1
响应将是:
HTTP/1.1 401 Unauthorized
Server: Kestrel
X-SourceFiles: =?UTF-8?B?RDpccmVwb3J0XDgtMjNcU08uQmFzaWNBdXRoTWlkZGxld2FyZVxXZWJBcHBcV2ViQXBwXGFwaVxUZXN0QXBp?=
X-Powered-By: ASP.NET
Date: Thu, 23 Aug 2018 09:49:24 GMT
Content-Length: 0
并且如果您发送带有基本身份验证标头的请求,
GET https://localhost:44371/api/TestApi HTTP/1.1
Authorization: Basic dGVzdDp0ZXN0
它将执行正确的操作。