我想創建一個簡單的DelegatingHandler,將每個請求之前被稱爲
public class AuthorizationDelegatingHandler : DelegatingHandler
{
private const string API_KEY = "8139E7541722F5D91ED8FB15165F4"
protected override async Task<HttpResponseMessage> SendAsync(
HttpRequestMessage request,
CancellationToken cancellationToken)
{
if (request.Headers.Authorization == null)
return request.CreateResponse(HttpStatusCode.Unauthorized);
if (request.Headers.Authorization.Scheme != "Basic")
return request.CreateResponse(HttpStatusCode.Unauthorized);
var authToken = request.Headers.Authorization.Parameter;
var apiKey = Encoding.UTF8.GetString(Convert.FromBase64String(authToken))
.Split(':')
.FirstOrDefault(x => !string.IsNullOrWhiteSpace(x));
if (string.IsNullOrWhiteSpace(apiKey) || apiKey != API_KEY)
return request.CreateResponse(HttpStatusCode.Unauthorized);
return await base.SendAsync(request, cancellationToken);
}
}
我知道使用的是靜態令牌也許不是最好的東西,但它應該給你一個想法。
在你的bootstrap,則需要
GlobalFilters.Filters.Add(new AuthorizationDelegatingHandler());
然後註冊此處理時,你會調用這個API,你可以添加使用Basic
方案Authorization頭。
每個沒有這個頭的請求都會返回一個未經授權的響應。
客戶端應該調用API是這樣的:
var client = new HttpClient
{
BaseAddress = new Uri(API_URL)
};
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
"Basic",
Convert.ToBase64String(Encoding.UTF8.GetBytes("8139E7541722F5D91ED8FB15165F4:")));
什麼是您使用該服務的計劃?您的API是否允許來自該網站的Ajax電話?或者你的網站只是內部的? –