C# custom login authentication (Authorize)

Our project originally used Azure for authentication, but the login process turned out to be too slow, so I wrote my own. It was simpler than I expected: there is no dedicated authentication server, just a simple utility.

The class that verifies whether the caller is logged in

    using System;
    using System.Linq;
    using System.Net.Http;
    using System.Web.Http;
    using System.Web.Http.Controllers;

    /// <summary>
    /// Authentication attribute, inherits from AuthorizeAttribute
    /// </summary>
    public class RequestAuthorizeAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Nothing to do if authentication is not required or the caller is already logged in
            if (SkipAuthorization(actionContext) || IsLogin(actionContext))
                return;

            actionContext.Response = GetResponse();
        }

        /// <summary>
        /// Information returned by the interface when the caller is not logged in
        /// </summary>
        private HttpResponseMessage GetResponse()
        {
            var response = ServiceResponse<bool>.WarningResponse(401, CommonConst.Msg_NoLogin, false);
            return JsonHelper.ToHttpResponseMessage(response);
        }

        /// <summary>
        /// Determines whether the interface may be used anonymously
        /// </summary>
        private static bool SkipAuthorization(HttpActionContext actionContext)
        {
            if (!actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any<AllowAnonymousAttribute>())
                return actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any<AllowAnonymousAttribute>();
            return true;
        }

        /// <summary>
        /// Whether the caller is already logged in
        /// </summary>
        private bool IsLogin(HttpActionContext actionContext)
        {
            var authorization = Guid.Empty.ToString(); // default (empty GUID) when no Authorization header is sent
            if (actionContext.Request.Headers.Authorization != null)
            {
                authorization = actionContext.Request.Headers.Authorization.ToString();
            }

            var user = OperatorProvider.Provider.GetCurrent(authorization);
            return user != null;
        }
    }

Usage

The login interface caches the data: after obtaining the user information, it generates a GUID as the token (a new token is generated on every login) and returns it to the caller. The web client only needs to save the token value and put it in the request header on every request.

BaseApiController reads the token from the request header and uses it to fetch the user information from the cache. The base class exposes that information as a model, so subclasses can use the current user's information.

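    using System;
    using System.Web;
    using System.Web.Http;

    [RequestAuthorize]
    public class BaseApiController : ApiController
    {

        /// <summary>
        /// Current user information entity
        /// </summary>
        public OperatorModel CurrentUserModel
        {
            get
            {
                // Read the token from the "authorization" request header
                var values = HttpContext.Current.Request.Headers.GetValues("authorization");
                var authorization = Guid.Empty.ToString();
                if (values != null && values.Length > 0)
                    authorization = values[0];
                var currentUserModel = OperatorProvider.Provider.GetCurrent(authorization);
                if (currentUserModel == null)
                {
                    // No cached user for this token. RequestAuthorize already rejects this case,
                    // except on [AllowAnonymous] actions, where this placeholder named "admin"
                    // is returned. Do not base permission checks on it.
                    currentUserModel = new OperatorModel { LoginName = "admin" };
                }
                return currentUserModel;
            }
        }
    }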
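
The login-side cache that issues the token is described above but not shown. The following is an added example, not the author's code, of how the token could be issued and looked up. `TokenStore`, `Issue` and the configurable lifetime are assumptions, and `OperatorModel` is a minimal stand-in for the page's class. Unlike the GUID described in the text, the token here comes from the OS random number generator and expires.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Minimal stand-in for the page's OperatorModel (only LoginName appears there).
public class OperatorModel { public string LoginName { get; set; } }

// Hypothetical token cache; the page's OperatorProvider is not shown.
public class TokenStore
{
    private class Entry { public OperatorModel User; public DateTime ExpiresUtc; }

    private readonly object _gate = new object();
    private readonly Dictionary<string, Entry> _byToken = new Dictionary<string, Entry>();
    private readonly Dictionary<string, string> _tokenByLogin = new Dictionary<string, string>();
    private readonly TimeSpan _lifetime;

    public TokenStore(TimeSpan lifetime) { _lifetime = lifetime; }

    // Call from the login action, after the credentials have been verified.
    public string Issue(OperatorModel user)
    {
        // 16 bytes from the OS CSPRNG, rendered as 32 hex digits like a GUID.
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        var token = new Guid(bytes).ToString("N");

        lock (_gate)
        {
            // Each login regenerates the token, so the previous one stops working.
            string old;
            if (_tokenByLogin.TryGetValue(user.LoginName, out old)) _byToken.Remove(old);
            _byToken[token] = new Entry { User = user, ExpiresUtc = DateTime.UtcNow + _lifetime };
            _tokenByLogin[user.LoginName] = token;
        }
        return token;
    }

    // Returns null for a missing, unknown or expired token; never a default user.
    public OperatorModel GetCurrent(string token)
    {
        if (string.IsNullOrEmpty(token)) return null;
        lock (_gate)
        {
            Entry entry;
            if (!_byToken.TryGetValue(token, out entry)) return null;
            if (entry.ExpiresUtc > DateTime.UtcNow) return entry.User;
            _byToken.Remove(token); // expired: evict so it cannot be replayed
            return null;
        }
    }
}
```

Because `GetCurrent` returns null for every failure case, a caller such as `IsLogin` can treat "no user" as "not logged in" without any fallback identity.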

 


Origin www.cnblogs.com/dawenyang/p/11272534.html