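Our project has a customer-message API that receives messages from other systems and displays them. After looking at several API authentication approaches published online, I found that the verification method provided by the general permission management system (通用权限管理系统) works best (http://www.cnblogs.com/jirigala/p/5506022.html).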

The complete implementation is shared below.

1. Global configuration in WebApiConfig

    using System.Net.Http.Formatting;
    using System.Web.Http;
    using Newtonsoft.Json.Converters;

    /// <summary>
    /// WebApiConfig
    /// Basic routing configuration.
    ///
    /// Change history
    ///
    ///     2016.11.01 Version 2.0 宋彪 Unified handling of the date format.
    ///     2016.10.30 Version 2.0 宋彪 Fixed the circular-reference problem during JSON serialization.
    ///     2016.10.28 Version 2.0 宋彪 Added $format support for the response format.
    ///     2016.09.01 Version 1.0 宋彪 Created.
    ///
    /// Version: 1.0
    ///
    /// <author>
    ///     <name>宋彪</name>
    ///     <date>2016.09.01</date>
    /// </author>
    /// </summary>
    public static class WebApiConfig
    {
        /// <summary>
        /// Registers the global configuration and services.
        /// </summary>
        /// <param name="config"></param>
        public static void Register(HttpConfiguration config)
        {
            // Web API configuration and services

            // Force HTTPS access
            //config.Filters.Add(new ForceHttpsAttribute());

            // Unified response format
            config.Filters.Add(new ApiResultAttribute());

            // Exception handling
            config.Filters.Add(new ApiErrorHandleAttribute());

            // Token authentication filter. No need to register it here:
            // anything that carries the attribute is checked automatically.
            //config.Filters.Add(new ApiAuthFilterAttribute());

            // Fix the circular-reference problem during JSON serialization
            config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;

            // Unified date format.
            // HH is the 24-hour clock; hh (12-hour, no AM/PM marker) would make afternoon times ambiguous.
            config.Formatters.JsonFormatter.SerializerSettings.Converters.Add(new IsoDateTimeConverter()
            {
                DateTimeFormat = "yyyy-MM-dd HH:mm:ss"
            });

            // Web API routes
            config.MapHttpAttributeRoutes();
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{action}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );

            // Remove the XML serializer
            //config.Formatters.Remove(config.Formatters.XmlFormatter);

            // Appending ?$format=xml to the request URL selects the response format
            config.Formatters.XmlFormatter.AddQueryStringMapping("$format", "xml", "application/xml");
            config.Formatters.JsonFormatter.AddQueryStringMapping("$format", "json", "application/json");
        }
    }
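The `ForceHttpsAttribute` named in the commented-out line above is not shown on this page. The following is an added example, not the author's code, of one way such a filter could be written so that requests carrying `appKey` and `appSecret` are refused over plain HTTP. It assumes TLS terminates at the application itself; behind a TLS-terminating proxy the request scheme seen here would be `http`.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Added example: the class body is an assumption, the page only references the name.
public class ForceHttpsAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        Uri uri = actionContext.Request.RequestUri;

        if (uri.Scheme == Uri.UriSchemeHttps)
        {
            // Encrypted transport: let the remaining filters (ApiAuthFilter etc.) run.
            base.OnAuthorization(actionContext);
            return;
        }

        // Reject instead of redirecting. By the time a redirect could be sent,
        // the credentials have already crossed the network in clear text, and a
        // redirect would hide that misconfiguration from the calling system.
        // Setting Response here short-circuits the pipeline, so the action and
        // the AppKey/AppSecret check never run for this request.
        actionContext.Response = actionContext.Request.CreateErrorResponse(
            HttpStatusCode.Forbidden,
            "HTTPS is required.");
    }
}
```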

2. Authentication filter

    using System;
    using System.Net;
    using System.Net.Http;
    using System.Text;
    using System.Web.Http;
    using System.Web.Http.Controllers;
    using System.Web.Http.Filters;
    using DotNet.Business;
    using DotNet.Utilities;
    using DotNet.Tracking.API.Common;

    /// <summary>
    /// ApiAuthFilterAttribute
    /// Authentication filter. Controllers and actions marked with ApiAuthFilterAttribute are checked automatically.
    ///
    /// Change history
    ///
    /// 2016-10-11 Version 1.0 SongBiao Created the file.
    ///
    /// <author>
    ///     <name>SongBiao</name>
    ///     <date>2016-10-11</date>
    /// </author>
    /// </summary>
    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
    public class ApiAuthFilterAttribute : AuthorizationFilterAttribute
    {
        /// <summary>
        /// Message returned when the request is not authorized
        /// </summary>
        private const string UnauthorizedMessage = "请求未授权,拒绝访问。";

        /// <summary>
        /// Authorization entry point
        /// </summary>
        /// <param name="actionContext"></param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            base.OnAuthorization(actionContext);

            // Allow anonymous access
            if (actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0)
            {
                return;
            }

            string systemCode = APIOperateContext.Current.SystemCode;
            string permissionCode = APIOperateContext.Current.PermissionCode;
            string appKey = APIOperateContext.Current.AppKey;
            string appSecret = APIOperateContext.Current.AppSecret;

            if (string.IsNullOrWhiteSpace(appKey) || string.IsNullOrWhiteSpace(appSecret))
            {
                // Unauthenticated (not logged-in) caller and anonymous access is not allowed: return 401 Unauthorized
                //actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                //actionContext.Response.Content = new StringContent("<p>Unauthorized</p>", Encoding.UTF8, "text/html");
                var response = actionContext.Response = actionContext.Response ?? new HttpResponseMessage();
                response.StatusCode = HttpStatusCode.Unauthorized;
                BaseResult result = new BaseResult
                {
                    Status = false,
                    StatusMessage = UnauthorizedMessage
                };
                response.Content = new StringContent(result.ToJson(), Encoding.UTF8, "application/json");
            }
            else
            {
                // Check AppKey and AppSecret
                BaseResult result = BaseServicesLicenseManager.CheckService(appKey, appSecret, false, 0, 0, systemCode, permissionCode);
                if (!result.Status)
                {
                    var response = actionContext.Response = actionContext.Response ?? new HttpResponseMessage();
                    // A new HttpResponseMessage defaults to 200 OK, so set the status explicitly
                    response.StatusCode = HttpStatusCode.Unauthorized;
                    response.Content = new StringContent(result.ToJson(), Encoding.UTF8, "application/json");
                }
            }
        }
    }

3. Unified response format

    using System.Net.Http;
    using System.Web.Http.Filters;

    /// <summary>
    /// ApiResultAttribute
    /// Unified response format
    ///
    /// Change history
    ///
    /// 2016-10-31 Version 1.0 宋彪 Created the file.
    ///
    /// <author>
    ///     <name>宋彪</name>
    ///     <date>2016-10-31</date>
    /// </author>
    /// </summary>
    public class ApiResultAttribute : ActionFilterAttribute
    {
        /// <summary>
        /// Overrides the handling of the response
        /// </summary>
        /// <param name="actionExecutedContext"></param>
        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
        {
            // The parcel-tracking API passes "format" and does not need to go through here
            if (actionExecutedContext.Request.Properties.ContainsKey("format"))
            {
                // Exceptions are not handled here; ApiErrorHandleAttribute takes care of them
                if (actionExecutedContext.Exception != null)
                    return;

                base.OnActionExecuted(actionExecutedContext);

                var result = new ApiResultModel();

                // Status code returned by the API
                result.Status = actionExecutedContext.ActionContext.Response.StatusCode;

                // Data returned by the API (Content is null for responses without a body)
                var content = actionExecutedContext.ActionContext.Response.Content;
                result.Data = content == null ? null : content.ReadAsAsync<object>().Result;

                // Re-wrap the response in the unified format
                actionExecutedContext.Response = actionExecutedContext.Request.CreateResponse(result.Status, result);
            }
        }
    }

4. Global exception handling

    using System.Net;
    using System.Net.Http;
    using DotNet.Utilities;
    using DotNet.Tracking.API.Common;
    using DotNet.Tracking.API.Controllers;
    using DotNet.Tracking.API.Models;

    /// <summary>
    /// ApiErrorHandleAttribute
    /// Global exception handling
    ///
    /// Change history
    ///
    /// 2016-10-31 Version 1.0 宋彪 Created the file.
    ///
    /// <author>
    ///     <name>宋彪</name>
    ///     <date>2016-10-31</date>
    /// </author>
    /// </summary>
    public class ApiErrorHandleAttribute : System.Web.Http.Filters.ExceptionFilterAttribute
    {
        /// <summary>
        /// Unified exception handling
        /// </summary>
        /// <param name="actionExecutedContext"></param>
        public override void OnException(System.Web.Http.Filters.HttpActionExecutedContext actionExecutedContext)
        {
            base.OnException(actionExecutedContext);

            // Error message of the exception that occurred
            var errorMessage = actionExecutedContext.Exception.Message;

            // Log the exception together with the full request URL and parameters
            string parameters = APIOperateContext.GetRequestParameters();
            NLogHelper.Trace(actionExecutedContext.Exception, BaseSystemInfo.SystemCode + " ApiErrorHandleAttribute OnException 完整的请求地址及参数 : " + parameters);

            // 2016-11-01 Added e-mail notification for exceptions
            NLogHelper.InfoMail(actionExecutedContext.Exception, BaseSystemInfo.SystemCode + " ApiErrorHandleAttribute OnException 完整的请求地址及参数 : " + parameters);

            // The raw exception message is returned to the caller in ErrorMessage
            var result = new ApiResultModel()
            {
                Status = HttpStatusCode.BadRequest,
                ErrorMessage = errorMessage
            };

            // Re-wrap the response message
            actionExecutedContext.Response = actionExecutedContext.Request.CreateResponse(result.Status, result);
        }
    }
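`APIOperateContext.GetRequestParameters()` (section 5) returns every query-string and form value, and the handler above writes that string to the log and to the exception e-mail, so the caller's `appSecret` ends up in both. The following added example, not the author's code, builds the same string with sensitive values masked; the class name `RequestLogSanitizer` and every key in the list other than `appSecret` are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Web;

// Added example: RequestLogSanitizer and SensitiveKeys are hypothetical names.
public static class RequestLogSanitizer
{
    // Parameter names whose values must not reach logs or mail.
    // "appSecret" comes from the page; the other entries are assumed.
    private static readonly HashSet<string> SensitiveKeys =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "appSecret", "password", "token"
        };

    /// <summary>Formats a parameter collection as key=value pairs, masking sensitive values.</summary>
    public static IEnumerable<string> Mask(NameValueCollection values)
    {
        foreach (string key in values.AllKeys)
        {
            // A null key appears for valueless parameters such as "?flag".
            string name = key ?? string.Empty;
            string value = SensitiveKeys.Contains(name) ? "***" : values[key];

            // URL-encoding also neutralises CR/LF, so a crafted parameter
            // cannot forge additional log lines.
            yield return HttpUtility.UrlEncode(name) + "=" + HttpUtility.UrlEncode(value);
        }
    }

    /// <summary>Request URL and GET/POST parameters in a form that is safe to log.</summary>
    public static string GetSafeRequestParameters(HttpRequest request)
    {
        var parts = new List<string>();
        parts.AddRange(Mask(request.QueryString));
        parts.AddRange(Mask(request.Form));

        // GetLeftPart(Path) leaves out the raw query string, which would
        // otherwise carry the unmasked secret into the log.
        return request.Url.GetLeftPart(UriPartial.Path) + "?" + string.Join("&", parts);
    }
}
```

In `OnException`, passing `RequestLogSanitizer.GetSafeRequestParameters(HttpContext.Current.Request)` to the two `NLogHelper` calls in place of `parameters` keeps the secret out of both sinks.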

5. API operation context

    using System;
    using System.Collections.Generic;
    using System.Collections.Specialized;
    using System.Runtime.Remoting.Messaging;
    using System.Text.RegularExpressions;
    using System.Web;
    using DotNet.Business;
    using DotNet.Model;
    using DotNet.Utilities;

    /// <summary>
    /// APIOperateContext
    /// Context for API operations.
    /// Common, context-related logic is handled here.
    ///
    /// Change history
    ///
    /// 2016-10-31 Version 1.0 宋彪 Created the file.
    ///
    /// <author>
    ///     <name>宋彪</name>
    ///     <date>2016-10-31</date>
    /// </author>
    /// </summary>
    public class APIOperateContext
    {
        /// <summary>
        /// Gets the current operation context (a separate context is created for each server thread that handles a browser request)
        /// </summary>
        public static APIOperateContext Current
        {
            get
            {
                APIOperateContext oContext = CallContext.GetData(typeof(APIOperateContext).Name) as APIOperateContext;
                if (oContext == null)
                {
                    oContext = new APIOperateContext();
                    CallContext.SetData(typeof(APIOperateContext).Name, oContext);
                }
                return oContext;
            }
        }

        #region HTTP context and related properties

        /// <summary>
        /// HTTP context
        /// </summary>
        public HttpContext ContextHttp
        {
            get { return HttpContext.Current; }
        }

        /// <summary>
        /// Response object
        /// </summary>
        public HttpResponse Response
        {
            get { return ContextHttp.Response; }
        }

        /// <summary>
        /// Request object
        /// </summary>
        public HttpRequest Request
        {
            get { return ContextHttp.Request; }
        }

        /// <summary>
        /// Session object
        /// </summary>
        System.Web.SessionState.HttpSessionState Session
        {
            get { return ContextHttp.Session; }
        }

        #endregion

        /// <summary>
        /// Gets all request parameters, GET and POST (simplified version)
        /// </summary>
        public static string GetRequestParameters()
        {
            string query = HttpContext.Current.Request.Url.Query;
            NameValueCollection nvc;
            string baseUrl;
            ParseUrl(query, out baseUrl, out nvc);
            List<string> list = new List<string>() { };
            foreach (var key in nvc.AllKeys)
            {
                list.Add(key + "=" + nvc[key]);
            }
            var form = HttpContext.Current.Request.Form;
            foreach (var key in form.AllKeys)
            {
                list.Add(key + "=" + form[key]);
            }
            // AbsoluteUri already contains the query string, so build on the path part only
            string result = HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path) + "?" + string.Join("&", list);
            return result;
        }

        /// <summary>
        /// Parses the parameters in a URL string.
        /// For GET requests.
        /// </summary>
        /// <param name="url">Input URL</param>
        /// <param name="baseUrl">Outputs the base part of the URL</param>
        /// <param name="nvc">Outputs the parsed collection of (parameter name, parameter value) pairs</param>
        public static void ParseUrl(string url, out string baseUrl, out NameValueCollection nvc)
        {
            if (url == null)
            {
                throw new ArgumentNullException("url");
            }
            nvc = new NameValueCollection();
            baseUrl = "";
            if (url == "")
            {
                return;
            }
            int questionMarkIndex = url.IndexOf('?');
            if (questionMarkIndex == -1)
            {
                baseUrl = url;
                return;
            }
            baseUrl = url.Substring(0, questionMarkIndex);
            if (questionMarkIndex == url.Length - 1)
            {
                return;
            }
            string ps = url.Substring(questionMarkIndex + 1);

            // Parse the parameter pairs
            Regex re = new Regex(@"(^|&)?(\w+)=([^&]+)(&|$)?", RegexOptions.Compiled);
            MatchCollection mc = re.Matches(ps);
            foreach (Match m in mc)
            {
                nvc.Add(m.Result("$2").ToLower(), m.Result("$3"));
            }
        }

        /// <summary>
        /// System code
        /// </summary>
        public string SystemCode
        {
            get { return Request["systemCode"] ?? "Base"; }
        }

        /// <summary>
        /// Permission code
        /// </summary>
        public string PermissionCode
        {
            get { return Request["permissionCode"]; }
        }

        /// <summary>
        /// AppKey sent by the application calling the API
        /// </summary>
        public string AppKey
        {
            get { return Request["appKey"]; }
        }

        /// <summary>
        /// AppSecret sent by the application calling the API
        /// </summary>
        public string AppSecret
        {
            get { return Request["appSecret"]; }
        }

        private BaseUserInfo _userInfo = null;

        /// <summary>
        /// Gets the current user:
        /// the user resolved from the API's AppKey and AppSecret
        /// </summary>
        /// <returns></returns>
        public BaseUserInfo UserInfo
        {
            get
            {
                BaseUserInfo userInfo = null;
                BaseUserEntity userEntity = BaseUserManager.GetObjectByCodeByCache(AppKey);
                if (userEntity != null)
                {
                    if (BaseServicesLicenseManager.CheckServiceByCache(userEntity.Id, AppSecret))
                    {
                        userInfo = new BaseUserInfo();
                        userInfo.Id = userEntity.Id;
                        userInfo.RealName = userEntity.RealName;
                        userInfo.UserName = userEntity.UserName;
                        userInfo.IPAddress = Utilities.GetIPAddress(true);
                    }
                }
                return userInfo;
            }
        }

        #region Business database connection

        /// <summary>
        /// Business database connection
        /// </summary>
        public static IDbHelper BusinessDbHelper
        {
            get
            {
                return DbHelperFactory.GetHelper(BaseSystemInfo.BusinessDbType, BaseSystemInfo.BusinessDbConnection);
            }
        }

        #endregion

        #region User center database connection

        /// <summary>
        /// User center database connection
        /// </summary>
        public static IDbHelper UserCenterDbHelper
        {
            get
            {
                return DbHelperFactory.GetHelper(BaseSystemInfo.UserCenterDbType, BaseSystemInfo.UserCenterDbConnection);
            }
        }

        #endregion
    }

7. Unified response format entity

    using System.Net;

    /// <summary>
    /// ApiResultModel
    /// Unified response format entity
    ///
    /// Change history
    ///
    /// 2016-10-31 Version 1.0 宋彪 Created the file.
    ///
    /// <author>
    ///     <name>宋彪</name>
    ///     <date>2016-10-31</date>
    /// </author>
    /// </summary>
    public class ApiResultModel
    {
        public HttpStatusCode Status { get; set; }

        //public JsonResult<T> Data { get; set; }

        public object Data { get; set; }

        public string ErrorMessage { get; set; }
    }

8. Customer message API

    using System;
    using System.Collections.Generic;
    using System.Web.Http;
    // The entity, manager and helper types come from the project's own DotNet.* namespaces.

    /// <summary>
    /// CustomerMessageController
    /// Customer message API
    ///
    /// Change history
    ///
    /// 2016-10-31 Version 1.0 宋彪 Created the file.
    ///
    /// <author>
    ///     <name>宋彪</name>
    ///     <date>2016-10-31</date>
    /// </author>
    /// </summary>
    [ApiAuthFilter]
    public class CustomerMessageController : ApiController
    {
        /// <summary>
        /// Saves a message for a bill code
        /// </summary>
        /// <param name="messageBook"></param>
        /// <returns></returns>
        [HttpPost]
        //[AllowAnonymous] add this attribute to actions that do not need authentication
        public IHttpActionResult Add([FromBody]MsgbookCusEntity messageBook)
        {
            BaseResult baseResult = new BaseResult();
            // messageBook is null when the request body is missing or cannot be bound
            if (messageBook == null || string.IsNullOrWhiteSpace(messageBook.SystemFrom))
            {
                baseResult.Status = false;
                baseResult.StatusMessage = "SystemFrom参数不可为空";
            }
            else
            {
                try
                {
                    MsgbookCusManager manager = new MsgbookCusManager(APIOperateContext.BusinessDbHelper, APIOperateContext.Current.UserInfo);
                    // Copy only the expected fields instead of saving the bound entity directly
                    MsgbookCusEntity model = new MsgbookCusEntity();
                    model.Id = Guid.NewGuid().ToString("N");
                    model.Message = messageBook.Message;
                    model.SendEmail = messageBook.SendEmail;
                    model.SendTelephone = messageBook.SendTelephone;
                    model.BillCode = messageBook.BillCode;
                    model.SystemFrom = messageBook.SystemFrom;
                    model.DeletionStateCode = 0;
                    manager.Add(model, false, false);

                    baseResult.Status = true;
                    baseResult.StatusMessage = "添加成功。";
                }
                catch (Exception ex)
                {
                    NLogHelper.Warn(ex, "CustomerMessageController AddBillMessage 异常");
                    baseResult.Status = false;
                    baseResult.StatusMessage = "异常:" + ex.Message;
                }
            }

            return Ok(baseResult);
        }

        /// <summary>
        /// Gets the messages for a bill code
        /// </summary>
        /// <param name="billCode"></param>
        /// <returns></returns>
        [HttpGet]
        public IHttpActionResult GetList(string billCode)
        {
            JsonResult<List<MsgbookCusEntity>> jsonResult = new JsonResult<List<MsgbookCusEntity>>();
            try
            {
                MsgbookCusManager manager = new MsgbookCusManager(APIOperateContext.BusinessDbHelper, APIOperateContext.Current.UserInfo);
                List<MsgbookCusEntity> list = manager.GetList<MsgbookCusEntity>(
                    new KeyValuePair<string, object>(MsgbookCusEntity.FieldBillCode, billCode),
                    new KeyValuePair<string, object>(MsgbookCusEntity.FieldDeletionStateCode, 0));

                jsonResult.Status = true;
                jsonResult.RecordCount = list.Count;
                jsonResult.Data = list;
                jsonResult.StatusMessage = "获取成功";
            }
            catch (Exception ex)
            {
                // Log under the name of this action so the entry can be told apart from Add
                NLogHelper.Warn(ex, "CustomerMessageController GetList 异常");
                jsonResult.Status = false;
                jsonResult.StatusMessage = "异常:" + ex.Message;
            }

            return Ok(jsonResult);
        }
    }

9. Calling the API

        // Requires: System.Collections.Specialized, System.Net, System.Text, System.Web.Mvc

        /// <summary>
        /// Test call to the customer message API
        /// </summary>
        /// <returns></returns>
        public ActionResult AddCustomerMessage()
        {
            string url = "http://192.168.1.88:808/api/CustomerMessage/Add?";
            NameValueCollection postValues = new NameValueCollection();
            postValues.Add("Message", "填写您的留言内容吧");
            postValues.Add("SendEmail", "youemail@qq.com");
            postValues.Add("SendTelephone", "021-60375335");
            postValues.Add("Code", "661137858");
            postValues.Add("AppKey", "wssavbcn");
            postValues.Add("AppSecret", "350e66b1e6564b0a817163erwwwwe8");
            postValues.Add("SystemFrom", "官网");

            // WebClient is IDisposable; release it once the call has completed
            using (WebClient webClient = new WebClient())
            {
                // AppKey and AppSecret are sent as form fields in the POST body
                byte[] responseArray = webClient.UploadValues(url, postValues);
                string response = Encoding.UTF8.GetString(responseArray);
                return Content(response);
            }
        }

Reposted from: https://www.cnblogs.com/hnsongbiao/p/6025677.html
