如果你只是想確保你的網站是在有限的觀衆(如測試用戶)訪問的最簡單的將是對現有的身份驗證的頂部添加Basic或Digest認證。
實現它作爲一個ActionFilterAttribute
,如果你的部署方案(生產與升級等),將其添加到您的全局過濾收集呼籲保護:
public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
bool basicAuthenticationEnabled = true; // AppSettings etc.
if (basicAuthenticationEnabled)
filters.Add(new BasicAuthenticationAttribute());
filters.Add(new HandleErrorAttribute())
}
相應BasicAuthenticationAttribute
類的實現可以看看這個:
public class BasicAuthenticationAttribute : ActionFilterAttribute
{
private const string Realm = "MyRealm";
private const string UserName = "MyUserName";
private const string Password = "MyPassword";
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var authorizationHeader = filterContext.RequestContext.HttpContext.Request.Headers["Authorization"];
if (authorizationHeader != null && authorizationHeader.StartsWith("Basic"))
{
var credentials = Encoding.ASCII.GetString(
Convert.FromBase64String(authorizationHeader.Substring(6))
).Split(':');
if (credentials[0].Equals(UserName) && credentials[1].Equals(Password))
{
base.OnActionExecuting(filterContext);
return;
}
}
// send require authentication
var response = filterContext.HttpContext.Response;
response .StatusCode = 401;
response .AddHeader("WWW-Authenticate", String.Format("Basic realm=\"{0}\"", Realm));
response .End();
}
}
總之,我強烈建議使用的摘要式身份驗證,因爲它之前應用哈希函數密碼通過網絡發送,至少比安全發送明文的基本訪問認證更安全。
你可以找到一個DigestAuthorizationAttribute
類和更多的信息在這裏的implememtation: