好吧,我剛剛得到的東西的工作(感謝阿米特庫馬爾戈什),希望將有人
這有用App_start
Imports System.Net
Imports System.Net.Http
Imports System.Net.Http.Headers
Imports System.Threading
Imports System.Threading.Tasks
Imports System.Security.Principal
Imports System.Web.Security
Namespace Glossario.MessageHandler
Public Class BasicAuthenticationMessageHandler
Inherits DelegatingHandler
Protected Overrides Function SendAsync(request As HttpRequestMessage, cancellationToken As CancellationToken) As Task(Of HttpResponseMessage)
Dim myCredentials As Credentials = Nothing
Dim identity As GenericIdentity = Nothing
If (request.Headers.Authorization IsNot Nothing) Then
myCredentials = ExtractCredentials(request.Headers.Authorization)
If IsValidUser(myCredentials) Then
identity = New GenericIdentity(myCredentials.UserName, "Basic")
request.GetRequestContext().Principal = New GenericPrincipal(identity, New String(-1) {})
End If
End If
Return MyBase.SendAsync(request, cancellationToken)
End Function
Private Function ExtractCredentials(authHeader As AuthenticationHeaderValue) As Credentials
Dim myCredentials As Credentials = Nothing
Try
If authHeader.Scheme = "Basic" Then
Dim encodedUserPass = authHeader.Parameter.Trim()
Dim encoding = System.Text.Encoding.GetEncoding("iso-8859-1")
Dim userPass = encoding.GetString(Convert.FromBase64String(encodedUserPass))
Dim parts = userPass.Split(":".ToCharArray())
myCredentials = New Credentials()
myCredentials.UserName = parts(0)
myCredentials.Password = parts(1)
End If
Catch ex As Exception
myCredentials = Nothing
End Try
Return myCredentials
End Function
Private Function IsValidUser(myCredentials As Credentials) As Boolean
Dim result As Boolean = False
If (myCredentials IsNot Nothing) Then
cmd.CommandText = "[dbo].[Login]" 'CHANGE WITH YOUR OWN CODE
cmd.CommandType = Data.CommandType.StoredProcedure
cmd.Parameters.Add("@Email", Data.SqlDbType.NVarChar).Value = MyCredentials.UserName
cmd.Parameters.Add("@Password", Data.SqlDbType.NVarChar).Value = MyCredentials.Password
cmd.Connection.Open()
Dim rd As System.Data.SqlClient.SqlDataReader = cmd.ExecuteReader()
If rd.HasRows Then
While rd.Read()
Result = True
End While
End If
cmd.Connection.Close()
End If
Return result
End Function
Private Class Credentials
Public Property UserName() As String
Public Property Password() As String
End Class
End Class
End Namespace
在Global.asax中保護小組的Application_Start()
GlobalConfiguration.Configuration.MessageHandlers.Add(New Glossario.MessageHandler.BasicAuthenticationMessageHandler())
http://www.asp.net/web-api/overview/security –
好吧,我開始說話了d,在你的鏈接中,我發現這個 http://www.asp.net/web-api/overview/security/basic-authentication 告訴我,如果我明白..這個類被稱爲每個http請求,它會得到用戶名和密碼從身份驗證頭,所以與此我應該發送用戶名和密碼,而不是權利?所以現在我只需要找到一種方法來生成一個令牌,發送給客戶端並保存到數據庫的權利? – StefBoxer
我瞭解身份驗證和令牌如何工作,但我仍然不知道如何實現它,我發現所有資源都太複雜,不適合我的解決方案。 我只需要如何在我的登錄API中生成一個令牌,以及如何在VB – StefBoxer