WebApi的调用-3.Basic验证

Basic基本验证

webapi里的特性

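/// <summary>
    /// Authorization filter that accepts an encrypted forms-authentication ticket
    /// carried in the parameter of the HTTP Authorization header.
    /// </summary>
    /// <remarks>
    /// Despite the name this is not RFC 7617 Basic authentication: the header parameter is
    /// passed to <c>FormsAuthentication.Decrypt</c>, not decoded as base64 "user:password".
    /// The authorization scheme token is not inspected. No principal is set on the ticket
    /// path, so the Roles and Users settings of the base attribute are not evaluated there.
    /// </remarks>
    public class BasicAuthorizeAttibute : AuthorizeAttribute
    {
        /// <summary>
        /// Lets the request through when the action or its controller is marked
        /// <c>[AllowAnonymous]</c> or when the Authorization header carries a valid ticket;
        /// otherwise hands the request to <c>HandleUnauthorizedRequest</c>.
        /// </summary>
        /// <param name="actionContext">Context of the action being authorized.</param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // Value of the HTTP Authorization header (null when the header is absent).
            var authorization = actionContext.Request.Headers.Authorization;

            // [AllowAnonymous] may sit on the action (ActionDescriptor) or on the
            // controller class (ActionDescriptor.ControllerDescriptor).
            bool anonymousAllowed =
                actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0
                || actionContext.ActionDescriptor.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>(true).Count != 0;

            if (anonymousAllowed)
            {
                base.OnAuthorization(actionContext);
                return;
            }

            if (authorization == null || authorization.Parameter == null)
            {
                this.HandleUnauthorizedRequest(actionContext);
                return;
            }

            // A valid ticket authorizes the request simply by leaving the response unset.
            // The original code called base.IsAuthorized(actionContext) here and discarded
            // the result, which had no effect on the outcome, so the call is dropped.
            if (!ValidateTicket(authorization.Parameter))
            {
                this.HandleUnauthorizedRequest(actionContext);
            }
        }


        /// <summary>
        /// Decrypts the ticket and checks that it is unexpired and carries the expected user data.
        /// </summary>
        /// <param name="encryptTicket">Encrypted ticket string taken from the Authorization header.</param>
        /// <returns>
        /// <c>true</c> when the ticket decrypts, has not expired and its UserData matches;
        /// <c>false</c> for an empty, malformed, tampered, expired or non-matching ticket.
        /// </returns>
        private bool ValidateTicket(string encryptTicket)
        {
            if (string.IsNullOrEmpty(encryptTicket))
            {
                return false;
            }

            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(encryptTicket);
            }
            catch (System.ArgumentException)
            {
                // Malformed header value: answer 401 instead of failing the request with an exception.
                return false;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                // Ticket that fails decryption or integrity validation: treat as unauthenticated.
                return false;
            }

            // Decrypt does not reject a ticket past its expiration; without this check the
            // one-hour lifetime set at login would never be enforced.
            if (ticket == null || ticket.Expired)
            {
                return false;
            }

            // NOTE(review): the expected value is a hard-coded demo account and the ticket
            // carries the password in UserData; a real deployment should look the user up
            // in a credential store and keep the password out of the ticket.
            return string.Equals(ticket.UserData, string.Format("{0}&{1}", "admin", "123"));
        }
    }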

获取ticket

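        /// <summary>
        /// Checks the supplied credentials and, when they match, returns a user object that
        /// carries an encrypted forms-authentication ticket with a one-hour expiration.
        /// </summary>
        /// <param name="account">Account name supplied by the caller.</param>
        /// <param name="password">Password supplied by the caller.</param>
        /// <returns>
        /// The result of <c>Success(...)</c> with the user and ticket on a match, otherwise
        /// the result of <c>Msg(...)</c> with a login-failed message.
        /// </returns>
        /// <remarks>
        /// NOTE(review): because this is an [HttpGet] action with simple parameters, the
        /// password normally arrives in the query string, where it is recorded in server and
        /// proxy logs; a POST body over HTTPS avoids that. The credentials are a hard-coded
        /// demo pair, and the password is both embedded in the ticket's UserData and echoed
        /// back in the response. The UserData format must stay in step with the check in
        /// BasicAuthorizeAttibute.ValidateTicket.
        /// </remarks>
        [AllowAnonymous]
        [HttpGet]
        public HttpResponseMessage Login(string account, string password)
        {
            if (account != "admin" || password != "123")
            {
                return Msg("登录失败");
            }

            // Ticket version 0, issued now, expiring in one hour, flagged persistent.
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(0, account, DateTime.Now,
                       DateTime.Now.AddHours(1), true, string.Format("{0}&{1}", account, password),
                       FormsAuthentication.FormsCookiePath);

            // The unused placeholder User that the original allocated up front is gone;
            // the response object is built once, where it is needed.
            return Success(new User() { name = account, pass = password, ticket = FormsAuthentication.Encrypt(ticket) });
        }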

MVC里面请求头(后台请求)

/// <summary>
/// Calls the Web API through <c>ApiHelper.Instance.RequestApi</c>, attaching the headers
/// built by <c>GetApiHeader</c>, and returns what the helper returns.
/// </summary>
/// <param name="method">API method passed through to the helper.</param>
/// <param name="queryString">Query string passed through to the helper.</param>
/// <returns>The value returned by <c>RequestApi</c>.</returns>
public string GetApi(string method, string queryString)
        {
            WebHeaderCollection headers = GetApiHeader();
            return ApiHelper.Instance.RequestApi(method, queryString, headers);
        }

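/// <summary>
/// Builds the request headers for a back-end API call, placing the cached ticket in the
/// Authorization header under the "BasicAuth" scheme token.
/// </summary>
/// <returns>
/// A header collection with the Authorization header set, or an empty collection when
/// no ticket is cached.
/// </returns>
private WebHeaderCollection GetApiHeader()
        {
            // The cache key is used as-is: passing it through string.Format treated it as a
            // format string and would throw FormatException if it ever contained '{' or '}'.
            var ticket = CacheHelper.CacheReader(GlobalVar.UserTiketCacheKey);

            WebHeaderCollection header = new WebHeaderCollection();

            // On a cache miss, send no Authorization header rather than "BasicAuth " with an
            // empty credential. The ticket acts as a bearer credential, so the request is
            // expected to travel over HTTPS.
            if (ticket != null)
            {
                header.Add(HttpRequestHeader.Authorization, "BasicAuth " + ticket);
            }

            return header;
        }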