XS202202187439-XS202209198020/ProjectManagementSystem.WebApi/Auth/BasicAuthorizeAttribute.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web.Http;

namespace ProjectManagementSystem.WebApi.Auth
{
    /// <summary>
    /// 自定义此特性用于接口的身份验证
    /// BasicAuth基本身份验证
    /// </summary>
    public class BasicAuthorizeAttribute : AuthorizeAttribute
    {
        //重写基类的验证方式，加入我们自定义的Ticket验证
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            //从http请求的头里面获取身份验证信息，验证是否是请求发起方的ticket
            var authorization = actionContext.Request.Headers.Authorization;
            if ((authorization != null) && (authorization.Parameter != null))
            {
                //解密用户ticket,并校验用户名密码是否匹配
                var encryptTicket = authorization.Parameter;
                if (ValidateTicket(encryptTicket))
                {
                    base.IsAuthorized(actionContext);
                }
                else
                {
                    HandleUnauthorizedRequest(actionContext);
                }
            }
            //如果取不到身份验证信息，并且不允许匿名访问，则返回未验证401
            else
            {
                var attributes = actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().OfType<AllowAnonymousAttribute>();
                bool isAnonymous = attributes.Any(a => a is AllowAnonymousAttribute);
                if (isAnonymous) base.OnAuthorization(actionContext);
                else HandleUnauthorizedRequest(actionContext);
            }
        }

        //校验用户名密码（正式环境中应该是数据库校验）
        private bool ValidateTicket(string encryptTicket)
        {
            //解密Ticket
            //var strTicket = FormsAuthentication.Decrypt(encryptTicket).UserData;
            //var strTicket = "";

            ////从Ticket里面获取用户名和密码
            //var index = strTicket.IndexOf("&");
            //string strUser = strTicket.Substring(0, index);
            //string strPwd = strTicket.Substring(index + 1);

            //解密Ticket
            var credentials = Encoding.UTF8.GetString(Convert.FromBase64String(encryptTicket));
            var data = credentials.Split(':');
            if (data.Length != 2)
            {
                return false;
            }
            string strUser = data[0];
            string strPwd = data[1];

            if (strUser == "admin" && strPwd == "123456")
            {
                return true;
            }
            else
            {
                return false;
            }
        }
    }
}