2015-08-19 101 views
1

I'm new to web api, and I noticed that sessions are not supported there. I found that tokens are the best way to authenticate, but I can't figure out how to implement them in my application. Everything I found didn't help and was too complicated for me. Token authentication with aspnet web api

Isn't there something as simple as this?

' Note: Web API binds at most one parameter from the request body, so two <FromBody()>
' strings will not bind; a single model class (Email, Password) is the usual fix.
' cmd is assumed to be a SqlCommand whose Connection has already been set.
Public Function Login(<FromBody()> ByVal Email As String, <FromBody()> ByVal Password As String) As String
    cmd.CommandText = "[dbo].[Login]"
    cmd.CommandType = Data.CommandType.StoredProcedure
    cmd.Parameters.Add("@Email", Data.SqlDbType.NVarChar).Value = Email
    cmd.Parameters.Add("@Password", Data.SqlDbType.NVarChar).Value = Password
    cmd.Connection.Open()
    Try
        Dim rd As System.Data.SqlClient.SqlDataReader = cmd.ExecuteReader()
        If rd.HasRows Then
            While rd.Read()
                ' **GENERATE A TOKEN AND LINK TO rd.Item("IdUser")**
                ' **Return TOKEN**
                ' (previously I would use Session("id") = rd.Item("IdUser"))
            End While
            Return "Ok"
        Else
            ' ...
        End If
    Finally
        ' Always release the connection, even when the credentials are rejected
        cmd.Connection.Close()
    End Try
    Return Nothing
End Function
+0

http://www.asp.net/web-api/overview/security –

+0

Ok, I've made a start, and in your link I found this http://www.asp.net/web-api/overview/security/basic-authentication which tells me, if I understand it... this class is called on every http request and it gets the username and password from the authentication header, so with this I should be sending the username and password instead, right? So now I just need to find a way to generate a token, send it to the client and save it to the database, right? – StefBoxer

+0

I understand how authentication and tokens work, but I still don't know how to implement it; all the resources I found are too complicated and don't fit my solution. I just need to know how to generate a token in my login API, and how to in VB – StefBoxer
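The part the question leaves as **GENERATE A TOKEN AND LINK TO rd.Item("IdUser")**, written out as an added example that is not part of the original post: a small token service that issues a random opaque token bound to IdUser and later validates or revokes it. Assumptions (not from the page): the password has already been checked by the [dbo].[Login] stored procedure before Issue is called; the in-memory Dictionary stands in for a Tokens table in the database; the one-hour lifetime and the IdUser value 42 in Main are made up for the demo.

```vb
' Added example, not code from the original question.
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
Imports System.Text

Public Class TokenRecord
    Public Property IdUser As Integer
    Public Property ExpiresUtc As DateTime
End Class

Public Class TokenService
    ' Keyed by the SHA-256 hash of the token, never the token itself, so a leaked
    ' copy of the table does not yield usable credentials. (Stand-in for a DB table.)
    Private ReadOnly _store As New Dictionary(Of String, TokenRecord)()
    Private ReadOnly _lifetime As TimeSpan

    Public Sub New(lifetime As TimeSpan)
        _lifetime = lifetime
    End Sub

    ' Issue a fresh 256-bit random token bound to idUser. The returned string is
    ' what the client must present; only its hash and expiry are stored.
    Public Function Issue(idUser As Integer) As String
        Dim raw(31) As Byte
        Using rng As New RNGCryptoServiceProvider()
            rng.GetBytes(raw)
        End Using
        Dim token As String = ToBase64Url(raw)
        _store(Hash(token)) = New TokenRecord With {
            .IdUser = idUser,
            .ExpiresUtc = DateTime.UtcNow.Add(_lifetime)}
        Return token
    End Function

    ' Returns the IdUser bound to the token, or Nothing if unknown, tampered or expired.
    Public Function Validate(token As String) As Integer?
        If String.IsNullOrEmpty(token) Then Return Nothing
        Dim key As String = Hash(token)
        Dim rec As TokenRecord = Nothing
        If Not _store.TryGetValue(key, rec) Then Return Nothing
        If rec.ExpiresUtc <= DateTime.UtcNow Then
            _store.Remove(key)
            Return Nothing
        End If
        Return rec.IdUser
    End Function

    ' Logout: forget the token so it cannot be replayed.
    Public Sub Revoke(token As String)
        _store.Remove(Hash(token))
    End Sub

    Private Shared Function Hash(token As String) As String
        Using sha As SHA256 = SHA256.Create()
            Return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)))
        End Using
    End Function

    ' URL-safe alphabet so the token survives untouched in headers and query strings.
    Private Shared Function ToBase64Url(bytes As Byte()) As String
        Return Convert.ToBase64String(bytes).TrimEnd("="c).Replace("+"c, "-"c).Replace("/"c, "_"c)
    End Function
End Class

Module Demo
    Sub Main()
        Dim svc As New TokenService(TimeSpan.FromHours(1))
        ' In the real Login action this would be rd.Item("IdUser") after the
        ' stored procedure accepted the credentials; 42 is a made-up value.
        Dim token As String = svc.Issue(42)
        Console.WriteLine("Token for client: " & token)
        Console.WriteLine("Valid token maps to user: " & svc.Validate(token).ToString())
        Console.WriteLine("Tampered token rejected: " & (Not svc.Validate(token & "x").HasValue).ToString())
        svc.Revoke(token)
        Console.WriteLine("Revoked token rejected: " & (Not svc.Validate(token).HasValue).ToString())
    End Sub
End Module
```

In the Login action the body of the While loop becomes `Return tokens.Issue(CInt(rd.Item("IdUser")))`, and the client sends that value back on every later request in an Authorization header; validation then happens in a message handler rather than per controller, which is where a session lookup used to be.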

Answer

0

Ok, I just got something working (thanks to Amit Kumar Ghosh), hope it will be useful to someone.

App_start

Imports System.Data.SqlClient
Imports System.Net
Imports System.Net.Http
Imports System.Net.Http.Headers
Imports System.Threading
Imports System.Threading.Tasks
Imports System.Security.Principal
Imports System.Web.Security

Namespace Glossario.MessageHandler
    ' Runs on every request. If a valid "Authorization: Basic ..." header is present the
    ' request gets a principal; otherwise it continues anonymously and [Authorize] on the
    ' controller rejects it with 401. Basic sends the password in the clear, so this is
    ' only safe over HTTPS.
    Public Class BasicAuthenticationMessageHandler
        Inherits DelegatingHandler

        Protected Overrides Function SendAsync(request As HttpRequestMessage, cancellationToken As CancellationToken) As Task(Of HttpResponseMessage)
            Dim myCredentials As Credentials = Nothing
            Dim identity As GenericIdentity = Nothing

            If request.Headers.Authorization IsNot Nothing Then
                myCredentials = ExtractCredentials(request.Headers.Authorization)
                If IsValidUser(myCredentials) Then
                    identity = New GenericIdentity(myCredentials.UserName, "Basic")
                    request.GetRequestContext().Principal = New GenericPrincipal(identity, New String() {})
                End If
            End If
            Return MyBase.SendAsync(request, cancellationToken)
        End Function

        ' Decodes "Basic base64(user:password)". Returns Nothing for anything malformed.
        Private Function ExtractCredentials(authHeader As AuthenticationHeaderValue) As Credentials
            Dim myCredentials As Credentials = Nothing
            Try
                If authHeader.Scheme = "Basic" AndAlso authHeader.Parameter IsNot Nothing Then
                    Dim encodedUserPass = authHeader.Parameter.Trim()
                    Dim encoding = System.Text.Encoding.GetEncoding("iso-8859-1")
                    Dim userPass = encoding.GetString(Convert.FromBase64String(encodedUserPass))
                    ' Split on the first colon only: the user name may not contain one,
                    ' but the password may (RFC 7617).
                    Dim parts = userPass.Split(New Char() {":"c}, 2)
                    If parts.Length = 2 Then
                        myCredentials = New Credentials()
                        myCredentials.UserName = parts(0)
                        myCredentials.Password = parts(1)
                    End If
                End If
            Catch ex As Exception
                myCredentials = Nothing
            End Try
            Return myCredentials
        End Function

        ' Checks the credentials against the database. [dbo].[Login] is the poster's own
        ' stored procedure and is expected to return a row only when the e-mail/password
        ' pair is correct (the password should be verified against a stored hash, never
        ' compared as plaintext). Connection and command are disposed on every path.
        Private Function IsValidUser(myCredentials As Credentials) As Boolean
            Dim result As Boolean = False

            If myCredentials IsNot Nothing Then
                Using cn As New SqlConnection(ConnectionString) 'CHANGE WITH YOUR OWN CODE
                    Using cmd As New SqlCommand("[dbo].[Login]", cn)
                        cmd.CommandType = Data.CommandType.StoredProcedure
                        cmd.Parameters.Add("@Email", Data.SqlDbType.NVarChar).Value = myCredentials.UserName
                        cmd.Parameters.Add("@Password", Data.SqlDbType.NVarChar).Value = myCredentials.Password
                        cn.Open()
                        Using rd As SqlDataReader = cmd.ExecuteReader()
                            result = rd.HasRows
                        End Using
                    End Using
                End Using
            End If
            Return result
        End Function

        ' Placeholder for the application's connection string (not given in the post).
        Private Const ConnectionString As String = "<your connection string>"

        Private Class Credentials
            Public Property UserName() As String
            Public Property Password() As String
        End Class
    End Class
End Namespace

In Global.asax, inside Protected Sub Application_Start():

GlobalConfiguration.Configuration.MessageHandlers.Add(New Glossario.MessageHandler.BasicAuthenticationMessageHandler()) 
+0

In the HTTP 401 case, it is the server's responsibility to return the challenge token in the response, and the client's subsequent requests must send that token. –
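The 401 challenge the comment above describes, as an added example that is not part of the answer: a DelegatingHandler in the same shape as the Basic one above, but for an opaque bearer token such as the one a login endpoint would hand out. The handler takes a validation delegate (assumed to look the token up in whatever table the login endpoint stores tokens in) and, whenever a 401 leaves the pipeline or the presented token is unusable, attaches the WWW-Authenticate: Bearer header that RFC 6750 requires. The BearerTokenMessageHandler class name, the realm value and the `tokens` variable in the registration comment are assumptions, not names from the page.

```vb
' Added example, not code from the original answer.
Imports System
Imports System.Net
Imports System.Net.Http
Imports System.Net.Http.Headers
Imports System.Security.Principal
Imports System.Threading
Imports System.Threading.Tasks

Public Class BearerTokenMessageHandler
    Inherits DelegatingHandler

    ' Assumed realm name shown in the challenge.
    Private Const Realm As String = "glossario"

    ' Given the presented token, returns the bound IdUser, or Nothing if it is
    ' unknown, expired or revoked. Supplied by the application (e.g. a lookup of
    ' the token's hash in the table the login endpoint writes to).
    Private ReadOnly _validate As Func(Of String, Integer?)

    Public Sub New(validate As Func(Of String, Integer?))
        If validate Is Nothing Then Throw New ArgumentNullException("validate")
        _validate = validate
    End Sub

    Protected Overrides Async Function SendAsync(request As HttpRequestMessage,
                                                 cancellationToken As CancellationToken) As Task(Of HttpResponseMessage)
        Dim auth As AuthenticationHeaderValue = request.Headers.Authorization

        ' No Authorization header at all: continue anonymously so public actions
        ' still work; [Authorize] rejects protected ones, and the 401 it produces
        ' picks up the challenge header below.
        If auth Is Nothing Then
            Return AddChallenge(Await MyBase.SendAsync(request, cancellationToken))
        End If

        ' A header that is present but unusable fails closed: wrong scheme or empty token.
        If Not String.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase) _
           OrElse String.IsNullOrWhiteSpace(auth.Parameter) Then
            Return AddChallenge(New HttpResponseMessage(HttpStatusCode.Unauthorized) With {.RequestMessage = request})
        End If

        ' Token the validator does not recognise (tampered, expired, revoked): also 401.
        Dim idUser As Integer? = _validate(auth.Parameter.Trim())
        If Not idUser.HasValue Then
            Return AddChallenge(New HttpResponseMessage(HttpStatusCode.Unauthorized) With {.RequestMessage = request})
        End If

        ' Replacement for Session("id"): the user id travels on the request principal,
        ' so a controller reads it as User.Identity.Name.
        Dim identity As New GenericIdentity(idUser.Value.ToString(), "Bearer")
        request.GetRequestContext().Principal = New GenericPrincipal(identity, New String() {})
        Return AddChallenge(Await MyBase.SendAsync(request, cancellationToken))
    End Function

    ' RFC 6750: every 401 carries WWW-Authenticate: Bearer so the client knows which
    ' scheme to use on its next request.
    Private Shared Function AddChallenge(response As HttpResponseMessage) As HttpResponseMessage
        If response.StatusCode = HttpStatusCode.Unauthorized Then
            response.Headers.WwwAuthenticate.Add(
                New AuthenticationHeaderValue("Bearer", "realm=""" & Realm & """"))
        End If
        Return response
    End Function
End Class

' Registration in Global.asax Application_Start(), where `tokens` is assumed to be the
' same object the Login action uses to issue tokens and exposes Validate(token) As Integer?:
'
' GlobalConfiguration.Configuration.MessageHandlers.Add(
'     New BearerTokenMessageHandler(Function(t) tokens.Validate(t)))
```

Unlike the Basic handler, this one never sees a password after login: the client proves who it is with a token that can be expired or revoked server-side, and a request with a bad token is answered directly with 401 instead of being passed on anonymously. Like Basic, the token is a bearer credential, so it only makes sense over HTTPS.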
