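/// <summary>
/// HTTP Basic authentication filter. Reads the <c>Authorization</c> header, decodes the
/// credentials, looks them up in <c>GreatSQLContext.Users</c> and, on success, publishes a
/// <c>SimplePrincipal</c>/<c>SimpleIdentity</c> on the context for the authorization filter.
/// Every failure after a Basic header has been seen is reported through
/// <c>context.ErrorResult</c>; a request with no Basic header is left untouched so another
/// scheme (or anonymous access) can handle it.
/// </summary>
/// <param name="context">Web API authentication context; receives either Principal or ErrorResult.</param>
/// <param name="cancellationToken">Propagated to the database query.</param>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    var request = context.Request;
    var authorization = request.Headers.Authorization;

    // No Authorization header, or a scheme other than Basic: not ours to decide.
    // The scheme comparison is ordinal (case-sensitive); RFC 7235 treats scheme
    // names as case-insensitive, so a client sending "basic" falls through here.
    if (authorization == null || authorization.Scheme != "Basic")
    {
        return;
    }

    // A Basic header with no parameter is malformed: reject the request.
    if (string.IsNullOrEmpty(authorization.Parameter))
    {
        context.ErrorResult = new AuthenticationFailureResult("Missing credentials", request);
        return;
    }

    // The parameter could not be decoded into a (user, password) pair: reject.
    var credentials = ExtractUserNameAndPassword(authorization.Parameter);
    if (credentials == null)
    {
        context.ErrorResult = new AuthenticationFailureResult("Invalid credentials", request);
        return;
    }

    var email = credentials.Item1;
    var password = credentials.Item2;

    // NOTE(review): the password is pushed into the query as an equality predicate
    // against Users.Password, i.e. the stored value is compared verbatim by the
    // database. If that column holds cleartext passwords it should be replaced by a
    // salted hash (PBKDF2/Argon2) verified in-process; and an equality predicate is
    // evaluated with the database's string semantics (collation), which may not be
    // an exact, case-sensitive match -- confirm against the schema before relying on it.
    // The context is disposable and the original never disposed it (one leaked
    // context per request). It is released as soon as the lookup completes; the
    // returned entity is therefore detached and must not rely on lazy loading.
    using (var db = new GreatSQLContext())
    {
        var userQuery = from u in db.Users
                        where u.Email == email && u.Password == password
                        select u;
        var user = await userQuery.FirstOrDefaultAsync(cancellationToken);

        // Unknown email or wrong password: one generic message, so the response
        // does not reveal which half was wrong.
        if (user == null)
        {
            context.ErrorResult = new AuthenticationFailureResult("Invalid username or password", request);
            return;
        }

        // Authenticated: publish the identity the authorization filter consumes
        // (it reads Identity.User to resolve the user's rule group).
        context.Principal = new SimplePrincipal
        {
            Identity = new SimpleIdentity
            {
                Name = user.Email,
                AuthenticationType = "Basic",
                IsAuthenticated = true,
                User = user
            }
        };
    }
}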
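/// <summary>
/// Authorization filter. Requires the <c>SimplePrincipal</c>/<c>SimpleIdentity</c> that the
/// Basic authentication filter publishes, loads the user's group from
/// <c>GreatSQLContext.Groups</c> and checks that the group's rule mask overlaps this
/// filter's <c>Rule</c>. Anything that cannot be verified (no principal, no identity,
/// no user, no group row) is rejected instead of letting the request through, so the
/// filter fails closed.
/// </summary>
/// <param name="actionContext">Current action context; its RequestContext.Principal is inspected.</param>
/// <param name="cancellationToken">Propagated to the group lookup.</param>
/// <param name="continuation">Invoked only when the user's group is allowed.</param>
/// <returns>
/// The continuation's response, or a response with status 401 and a descriptive reason
/// phrase. NOTE(review): a rejected group is an authenticated-but-forbidden case, for
/// which 403 Forbidden is the conventional status; 401 is kept here because clients may
/// depend on it. The 401 responses also carry no WWW-Authenticate header -- confirm
/// whether the surrounding pipeline adds one.
/// </returns>
public async Task<HttpResponseMessage> ExecuteAuthorizationFilterAsync(HttpActionContext actionContext, CancellationToken cancellationToken, Func<Task<HttpResponseMessage>> continuation)
{
    // Authentication must have produced our principal type ...
    var simplePrincipal = actionContext.RequestContext.Principal as SimplePrincipal;
    if (simplePrincipal == null)
    {
        return BuildUnauthorizedResponse("No Authentication");
    }

    // ... carrying our identity type with a resolved user. The original dereferenced
    // id.User unconditionally; a null user is treated as "not authenticated" instead
    // of surfacing as a 500.
    var id = simplePrincipal.Identity as SimpleIdentity;
    if (id == null || id.User == null)
    {
        return BuildUnauthorizedResponse("No Authentication");
    }

    // The context is kept open until the action has run so that the group entity
    // attached to the identity stays usable, and is then disposed (the original
    // leaked one context per request).
    using (var db = new GreatSQLContext())
    {
        // FindAsync yields null for an unknown key. The original cast ruleGroup.Rule
        // without checking, so a user pointing at a missing group crashed the filter
        // (500) rather than being denied.
        var ruleGroup = await db.Groups.FindAsync(cancellationToken, id.User.RuleGroupID);
        if (ruleGroup == null)
        {
            return BuildUnauthorizedResponse("Unauthorized Group");
        }

        // Cache the loaded group on the identity for downstream code.
        id.User.RuleGroup = ruleGroup;

        // Flags check: the group must hold at least one of the rules this filter
        // instance requires (Rule is a member of the enclosing filter, not shown here).
        var userRule = (Rule)ruleGroup.Rule;
        if ((userRule & Rule) == 0)
        {
            return BuildUnauthorizedResponse("Unauthorized Group");
        }

        return await continuation();
    }
}

/// <summary>
/// Builds the 401 response used for every rejection in this filter; the reason phrase
/// is the only thing that differs between the cases.
/// </summary>
/// <param name="reasonPhrase">Reason phrase placed on the response status line.</param>
private static HttpResponseMessage BuildUnauthorizedResponse(string reasonPhrase)
{
    return new HttpResponseMessage(HttpStatusCode.Unauthorized)
    {
        ReasonPhrase = reasonPhrase
    };
}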