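        /// <summary>
        /// Login endpoint. Looks the supplied credentials up in the placeholder store and,
        /// only when a record matches, issues an encrypted FormsAuthentication ticket that
        /// the client must send back in the Authorization header (consumed by OnAuthorization).
        /// </summary>
        /// <param name="FirstName">User name to look up.</param>
        /// <param name="Password">Password compared against the stored record.</param>
        /// <returns>
        /// HTTP 200 with a <see cref="UserInfo"/> payload (ticket included) on success;
        /// HTTP 401 with IsSuccess=false when no record matches.
        /// </returns>
        public HttpResponseMessage Post(string FirstName, string Password)
        {
            // Fix: the original built the lookup query but never inspected its result, so a
            // ticket was issued and bRes=true returned for ANY username/password pair.
            // Reject before anything is minted. Null/empty credentials never match.
            // SECURITY NOTE(review): the store compares plaintext passwords (c.Password ==
            // Password); a real deployment must store a PBKDF2/Argon2 hash and verify it.
            bool credentialsMatch = !string.IsNullOrEmpty(FirstName)
                                    && Password != null
                                    && databasePlaceholder.GetAll()
                                           .Any(c => c.FirstName == FirstName && c.Password == Password);

            if (!credentialsMatch)
            {
                // Generic message on purpose: do not reveal whether the user exists.
                var failure = new HttpResponseMessageViewModel()
                {
                    Data          = "用户名或密码错误",
                    StatusCodeDes = System.Enum.GetName(typeof(HttpStatusCode), HttpStatusCode.Unauthorized),
                    IsSuccess     = false,
                    StatusCode    = (int)HttpStatusCode.Unauthorized
                };
                return new HttpResponseMessage(HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent(JsonConvert.SerializeObject(failure), Encoding.UTF8, "application/json"),
                };
            }

            // UserData keeps the "user&password" shape because ValidateTicket splits on the
            // first '&'. SECURITY NOTE(review): carrying the password inside the ticket is
            // unnecessary — the ticket is already protected by the machineKey; a user name
            // containing '&' also makes the split ambiguous. Both should be revisited together
            // with ValidateTicket.
            var ticket = new FormsAuthenticationTicket(0, FirstName, DateTime.Now,
                                                       DateTime.Now.AddHours(1), true, $"{FirstName}&{Password}",
                                                       FormsAuthentication.FormsCookiePath);

            // Login result, user info and the encrypted ticket the client must present later.
            // The submitted password is no longer echoed back; the client already has it.
            var oUser = new UserInfo {
                bRes = true, UserName = FirstName, Ticket = FormsAuthentication.Encrypt(ticket)
            };

            // Kept from the original: the identity is parked in session under the user name.
            // NOTE(review): nothing visible in this file reads it back.
            HttpContext.Current.Session[FirstName] = oUser;

            var viewModel = new HttpResponseMessageViewModel()
            {
                Data          = oUser,
                StatusCodeDes = "",
                IsSuccess     = true,
                StatusCode    = (int)System.Net.HttpStatusCode.OK
            };

            return new HttpResponseMessage
            {
                Content = new StringContent(JsonConvert.SerializeObject(viewModel), Encoding.UTF8, "application/json"),
            };
        }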
        //Override the base class authorization and add our own ticket validation
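        /// <summary>
        /// Custom authorization: the caller must present the encrypted ticket issued by
        /// <see cref="Post"/> as the parameter of the Authorization header (the scheme is
        /// not inspected). Actions or controllers marked [AllowAnonymous] pass without a ticket.
        /// </summary>
        /// <param name="actionContext">The Web API action context being authorized.</param>
        /// <exception cref="HttpResponseException">HTTP 401 when no ticket is presented.</exception>
        public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext)
        {
            // Fix: [AllowAnonymous] was honoured only when the header was absent, so a stale
            // ticket sent to an anonymous action was rejected, and a controller-level
            // [AllowAnonymous] was ignored entirely. Decide anonymity first.
            bool isAnonymous =
                actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any()
                || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
            if (isAnonymous)
            {
                base.OnAuthorization(actionContext);
                return;
            }

            var authorization = actionContext.Request.Headers.Authorization;
            if (authorization == null || string.IsNullOrEmpty(authorization.Parameter))
            {
                // Fix: "not logged in" was answered with HTTP 200. Send 401 so HTTP clients,
                // proxies and monitoring see the failure; the JSON body shape is unchanged.
                var viewModel = new HttpResponseMessageViewModel()
                {
                    Data          = "用户未登录",
                    StatusCodeDes = System.Enum.GetName(typeof(HttpStatusCode), HttpStatusCode.Unauthorized),
                    IsSuccess     = false,
                    StatusCode    = (int)HttpStatusCode.Unauthorized
                };
                var response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
                {
                    Content = new StringContent(JsonConvert.SerializeObject(viewModel), Encoding.UTF8, "application/json"),
                };
                throw new HttpResponseException(response);
            }

            // Ticket present: decrypt and check it (ValidateTicket throws its own 203 body
            // when the ticket cannot be decrypted).
            if (!ValidateTicket(authorization.Parameter))
            {
                HandleUnauthorizedRequest(actionContext);
                return;
            }

            // Ticket accepted. The original called base.IsAuthorized here but discarded the
            // boolean, so it had no effect and is omitted.
            // NOTE(review): no IPrincipal is set from the ticket, so User.Identity and
            // role checks inside actions do not reflect the ticket's user.
        }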
        /// <summary>
        /// Echo endpoint: wraps whatever JSON body was posted into the standard
        /// <see cref="HttpResponseMessageViewModel"/> envelope and returns it unchanged.
        /// </summary>
        /// <param name="person">Untyped request body; it is not validated or inspected here.</param>
        /// <returns>HTTP 200 whose Data is the posted body.</returns>
        public HttpResponseMessage PostPersonList1(dynamic person)
        {
            var envelope = new HttpResponseMessageViewModel
            {
                Data          = person,
                StatusCodeDes = "",
                IsSuccess     = true,
                StatusCode    = (int)System.Net.HttpStatusCode.OK
            };

            string body = JsonConvert.SerializeObject(envelope);
            var reply   = new HttpResponseMessage();
            reply.Content = new StringContent(body, Encoding.UTF8, "application/json");
            return reply;
        }
        /// <summary>
        /// Returns the person with the given id, or HTTP 404 when the store has no such record.
        /// </summary>
        /// <param name="id">Identifier passed to the placeholder store.</param>
        /// <returns>HTTP 200 whose Data is the person serialized as a JSON string.</returns>
        /// <exception cref="HttpResponseException">HTTP 404 when the id is unknown.</exception>
        public HttpResponseMessage GetPersonByID(int id)
        {
            Person found = databasePlaceholder.Get(id);
            if (found == null)
            {
                throw new HttpResponseException(HttpStatusCode.NotFound);
            }

            // Data is a pre-serialized string, so the envelope below double-encodes it
            // (Data arrives as an escaped JSON string). Post and PostPersonList1 put the
            // object itself in Data; kept as-is here to preserve the response shape.
            var envelope = new HttpResponseMessageViewModel
            {
                Data       = JsonConvert.SerializeObject(found),
                IsSuccess  = true,
                StatusCode = (int)System.Net.HttpStatusCode.OK
            };

            var reply = new HttpResponseMessage();
            reply.Content = new StringContent(JsonConvert.SerializeObject(envelope), Encoding.UTF8, "application/json");
            return reply;
        }
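        /// <summary>
        /// Updates an existing person in the placeholder store.
        /// </summary>
        /// <param name="person">Model-bound request body; the whole record is handed to the store.</param>
        /// <returns>HTTP 200 with Data "更新" when the store reports success.</returns>
        /// <exception cref="HttpResponseException">
        /// HTTP 400 when no body could be bound; HTTP 404 when the store rejects the update.
        /// </exception>
        public HttpResponseMessage PutPerson(Person person)
        {
            // Fix: an unparsable or missing body binds as null and went straight into
            // Update(), which would surface as a 500 rather than a client error.
            if (person == null)
            {
                throw new HttpResponseException(HttpStatusCode.BadRequest);
            }

            // NOTE(review): any authenticated caller can overwrite any record — there is no
            // ownership check tying the ticket's user to person's id (see OnAuthorization).
            if (!databasePlaceholder.Update(person))
            {
                throw new HttpResponseException(HttpStatusCode.NotFound);
            }

            var viewModel = new HttpResponseMessageViewModel()
            {
                Data          = "更新",
                StatusCodeDes = "",
                IsSuccess     = true,
                StatusCode    = (int)System.Net.HttpStatusCode.OK
            };
            return new HttpResponseMessage
            {
                Content = new StringContent(JsonConvert.SerializeObject(viewModel), Encoding.UTF8, "application/json")
            };
        }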
        //Check the user name and password (a real deployment should check the database)
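        /// <summary>
        /// Decrypts a FormsAuthentication ticket and checks the "user&amp;password" pair that
        /// <see cref="Post"/> stored in its UserData.
        /// </summary>
        /// <param name="encryptTicket">Encrypted ticket taken from the Authorization header.</param>
        /// <returns>true only for a decryptable, unexpired ticket carrying the accepted credentials.</returns>
        /// <exception cref="HttpResponseException">
        /// When the ticket cannot be decrypted: a JSON body with status 203, as in the original.
        /// </exception>
        private bool ValidateTicket(string encryptTicket)
        {
            try
            {
                var ticket = FormsAuthentication.Decrypt(encryptTicket);

                // Fix: the one-hour expiry Post writes into the ticket was never checked, so a
                // captured ticket stayed usable indefinitely (as long as the machineKey did).
                // Decrypt may also hand back null for some malformed input — treat as invalid.
                if (ticket == null || ticket.Expired)
                {
                    return false;
                }

                // UserData is "user&password"; split on the first '&' as Post wrote it.
                string userData = ticket.UserData ?? string.Empty;
                int separator   = userData.IndexOf('&');
                if (separator < 0)
                {
                    // Not the shape Post produces — the original fell into the catch block here.
                    return false;
                }
                string strUser = userData.Substring(0, separator);
                string strPwd  = userData.Substring(separator + 1);

                // Demo credentials only. NOTE(review): per the original comment this should be a
                // database check; carrying the password inside the ticket should be dropped at
                // the same time, since the machineKey-protected ticket already proves who logged in.
                return strUser == "123" && strPwd == "123";
            }
            catch (Exception)
            {
                // Decryption failed (tampered, foreign machineKey, not base64). Kept: the
                // original answers with a 203 body rather than a plain 401.
                var viewModel = new HttpResponseMessageViewModel()
                {
                    Data          = "票据错误",
                    StatusCodeDes = System.Enum.GetName(typeof(HttpStatusCode), HttpStatusCode.NonAuthoritativeInformation),
                    IsSuccess     = false,
                    StatusCode    = (int)System.Net.HttpStatusCode.NonAuthoritativeInformation
                };
                var response = new HttpResponseMessage
                {
                    Content = new StringContent(JsonConvert.SerializeObject(viewModel), Encoding.UTF8, "application/json"),
                };
                throw new HttpResponseException(response);
            }
        }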
        /// <summary>
        /// Returns every person in the placeholder store.
        /// </summary>
        /// <returns>
        /// HTTP 200 whose Data is the full list serialized as a JSON string (so it is
        /// double-encoded inside the envelope, like GetPersonByID).
        /// </returns>
        public HttpResponseMessage GetAllPeople()
        {
            var everyone = databasePlaceholder.GetAll();
            string serialized = JsonConvert.SerializeObject(everyone);

            var envelope = new HttpResponseMessageViewModel
            {
                Data          = serialized,
                StatusCodeDes = System.Enum.GetName(typeof(HttpStatusCode), HttpStatusCode.OK),
                IsSuccess     = true,
                StatusCode    = (int)HttpStatusCode.OK
            };

            var reply = new HttpResponseMessage();
            reply.Content = new StringContent(JsonConvert.SerializeObject(envelope), Encoding.UTF8, "application/json");
            return reply;
        }
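        /// <summary>
        /// Deletes the person with the given id from the placeholder store.
        /// </summary>
        /// <param name="id">Identifier of the record to remove.</param>
        /// <returns>HTTP 200 with Data "删除" after removal.</returns>
        /// <exception cref="HttpResponseException">
        /// HTTP 404 with Data "ID不存在,无法删除" when the id is unknown.
        /// </exception>
        public HttpResponseMessage DeletePerson(int id)
        {
            // Fix: a missing id was reported with HTTP 200 (only the body said IsSuccess=false),
            // while GetPersonByID answers 404 for the same condition. Use 404 here too and keep
            // the JSON body clients may already parse.
            if (databasePlaceholder.Get(id) == null)
            {
                var notFound = new HttpResponseMessageViewModel()
                {
                    Data          = "ID不存在,无法删除",
                    StatusCodeDes = System.Enum.GetName(typeof(HttpStatusCode), HttpStatusCode.NotFound),
                    IsSuccess     = false,
                    StatusCode    = (int)HttpStatusCode.NotFound
                };
                throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.NotFound)
                {
                    Content = new StringContent(JsonConvert.SerializeObject(notFound), Encoding.UTF8, "application/json")
                });
            }

            // NOTE(review): Get-then-Remove is not atomic, and any authenticated caller may
            // delete any id — no ownership check ties the ticket's user to the record.
            // Remove's return value is not inspected because its signature is not visible here.
            databasePlaceholder.Remove(id);

            var deleted = new HttpResponseMessageViewModel()
            {
                Data          = "删除",
                StatusCodeDes = "",
                IsSuccess     = true,
                StatusCode    = (int)HttpStatusCode.OK
            };
            return new HttpResponseMessage
            {
                Content = new StringContent(JsonConvert.SerializeObject(deleted), Encoding.UTF8, "application/json")
            };
        }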