La la la la la la
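// Basic-authentication authorization filter for ASP.NET Web API.
//
// Base-class behaviour this builds on:
//   base.OnAuthorization()           -> calls IsAuthorized(); if that fails, HandleUnauthorizedRequest()
//   base.IsAuthorized()              -> fails when the request's Principal / Identity is missing
//   base.HandleUnauthorizedRequest() -> sets a 401 response on the action context
public class BasicAuthorize : AuthorizeAttribute
{
    // Realm echoed in the WWW-Authenticate challenge; informational for the client only.
    private const string Realm = "api";

    /// <summary>
    /// Authenticates the request from its Basic Authorization header, attaches an
    /// authenticated principal on success and issues a 401 challenge on failure.
    /// [AllowAnonymous] on the action or its controller bypasses the credential check.
    /// </summary>
    /// <param name="actionContext">The action context of the current request.</param>
    /// <exception cref="ArgumentNullException">actionContext is null.</exception>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (actionContext == null)
        {
            throw new ArgumentNullException("actionContext");
        }

        if (AllowsAnonymous(actionContext))
        {
            // Same as before: the anonymous case is handed to the base class untouched.
            base.OnAuthorization(actionContext);
            return;
        }

        var header = actionContext.Request.Headers.Authorization;
        // RFC 7617: the scheme token is case-insensitive, so "basic" is as valid as "Basic".
        if (header == null
            || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(header.Parameter))
        {
            HandleUnauthorizedRequest(actionContext);
            return;
        }

        var credentials = GetUserNameAndPassword(header.Parameter);
        if (credentials == null || !ValidateCredentials(credentials.Item1, credentials.Item2))
        {
            HandleUnauthorizedRequest(actionContext);
            return;
        }

        // The original left Principal null after a successful login, which makes every
        // downstream [Authorize] / User.Identity.IsAuthenticated check fail. Attach an
        // authenticated principal so the rest of the pipeline sees the user.
        var identity = new System.Security.Principal.GenericIdentity(credentials.Item1, "Basic");
        var principal = new System.Security.Principal.GenericPrincipal(identity, new string[0]);
        actionContext.RequestContext.Principal = principal;
        // NOTE(review): when hosted on System.Web, code that reads HttpContext.Current.User
        // directly may need that set as well - confirm against the host.

        // Let the base class enforce any Roles/Users configured on the attribute instance.
        base.OnAuthorization(actionContext);
    }

    /// <summary>
    /// Builds the 401 response and adds the WWW-Authenticate challenge that was missing;
    /// without it browsers and many HTTP clients never send credentials at all.
    /// </summary>
    /// <param name="actionContext">The action context whose Response is populated.</param>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        base.HandleUnauthorizedRequest(actionContext);
        if (actionContext.Response != null)
        {
            actionContext.Response.Headers.WwwAuthenticate.Add(
                new System.Net.Http.Headers.AuthenticationHeaderValue("Basic", "realm=\"" + Realm + "\""));
        }
    }

    /// <summary>
    /// Checks a user name / password pair. The body is the sample's hard-coded pair, kept only
    /// so the demo still runs. SECURITY: replace with a lookup against a credential store that
    /// holds salted password hashes (PBKDF2 or similar) before deploying anything.
    /// </summary>
    /// <param name="userName">User name from the Authorization header.</param>
    /// <param name="password">Password from the Authorization header.</param>
    /// <returns>true when the pair is accepted.</returns>
    protected virtual bool ValidateCredentials(string userName, string password)
    {
        // TODO: hard-coded demo credentials - do not ship.
        bool userOk = FixedTimeEquals(userName, "zhangsan");
        bool passOk = FixedTimeEquals(password, "123");
        // Non-short-circuit so response time does not reveal which half failed.
        return userOk & passOk;
    }

    // True when the action or its controller carries [AllowAnonymous].
    private static bool AllowsAnonymous(HttpActionContext actionContext)
    {
        return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0
            || actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count > 0;
    }

    // Constant-time comparison so the check does not leak how many leading characters matched.
    // Null never matches. (CryptographicOperations.FixedTimeEquals is not available on the
    // .NET Framework that System.Web.Http targets, hence the hand-rolled loop.)
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a == null || b == null)
        {
            return false;
        }
        int diff = a.Length ^ b.Length;
        int len = Math.Min(a.Length, b.Length);
        for (int i = 0; i < len; i++)
        {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /// <summary>
    /// Decodes the Basic-auth parameter ("base64(user:password)") into (user, password).
    /// Returns null - never throws - for anything malformed (bad base64, no ':' separator),
    /// so a garbage header yields a 401 instead of an unhandled exception and a 500.
    /// Only the first ':' splits, so a password may itself contain ':' (RFC 7617).
    /// </summary>
    /// <param name="authenticationParameter">The base64 text after "Basic " in the header.</param>
    /// <returns>(userName, password), or null when the parameter cannot be parsed.</returns>
    private Tuple<string, string> GetUserNameAndPassword(string authenticationParameter)
    {
        if (string.IsNullOrWhiteSpace(authenticationParameter))
        {
            return null;
        }

        string decoded;
        try
        {
            // UTF-8 rather than ASCII: ASCII silently mangles non-ASCII passwords.
            decoded = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationParameter.Trim()));
        }
        catch (FormatException)
        {
            return null;
        }

        int separator = decoded.IndexOf(':');
        if (separator < 0)
        {
            return null;
        }
        return new Tuple<string, string>(decoded.Substring(0, separator), decoded.Substring(separator + 1));
    }
}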
Register the filter globally (WebApiConfig)
/// <summary>
/// Startup entry point: wires up the Web API configuration and services.
/// </summary>
/// <param name="config">The application's Web API configuration.</param>
public static void Register(HttpConfiguration config)
{
    // Web API configuration and services
    RegisterFilters(config.Filters);
}

/// <summary>
/// Adds the Basic-auth filter to the global filter collection, so every action runs
/// through it unless it (or its controller) is marked [AllowAnonymous].
/// </summary>
/// <param name="filters">The global Web API filter collection.</param>
public static void RegisterFilters(HttpFilterCollection filters)
{
    var basicAuth = new BasicAuthorize();
    filters.Add(basicAuth);
}