ASP.NET MVC—WebAPI(调用、授权)

来源:互联网 时间:1970-01-01

本系列目录:ASP.NET MVC4入门到精通系列目录汇总

微软有了Webservice和WCF,为什么还要有WebAPI?

用过WCF的人应该都清楚,面对那一大堆复杂的配置文件,有时候一出问题,真的会叫人抓狂。而且供不同的客户端调用不是很方便。不得不承认WCF的功能确实非常强大,可是有时候我们通常不需要那么复杂的功能,只需要简单的仅通过使用Http或Https来调用的增删改查功能,这时,WebAPI应运而生。那么什么时候考虑使用WebAPI呢?

当你遇到以下这些情况的时候,就可以考虑使用Web API了。

  • 需要Web Service但是不需要SOAP
  • 需要在已有的WCF服务基础上建立non-soap-based http服务
  • 只想发布一些简单的Http服务,不想使用相对复杂的WCF配置
  • 发布的服务可能会被带宽受限的设备访问
  • 希望使用开源框架,关键时候可以自己调试或者自定义一下框架

熟悉MVC的朋友你可能会觉得Web API 与MVC很类似。

Demo

1、新建项目,WebApi

2、新建类Product

 public class Product { public int Id { get; set; } public string Name { get; set; } public string Category { get; set; } public decimal Price { get; set; } }

3、新建控制器Products,为了演示,我这里不连接数据库,直接代码中构造假数据

using System.Net.Http;using System.Web.Http;

public class ProductsController : ApiController { Product[] products = new Product[] { new Product { Id = 1, Name = "Tomato Soup", Category = "Groceries", Price = 1 }, new Product { Id = 2, Name = "Yo-yo", Category = "Toys", Price = 3.75M }, new Product { Id = 3, Name = "Hammer", Category = "Hardware", Price = 16.99M } }; public IEnumerable<Product> GetAllProducts() { return products; } public IHttpActionResult GetProduct(int id) { var product = products.FirstOrDefault((p) => p.Id == id); if (product == null) { return NotFound(); } return Ok(product); } }

4、新建Index.html来测试WebAPI的调用,代码如下:

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head> <title>Product App</title></head><body> <div> <h2>All Products</h2> <ul id="products" /> </div> <div> <h2>Search by ID</h2> <input type="text" id="prodId" size="5" /> <input type="button" value="Search" onclick="find();" /> <p id="product" /> </div> <script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-2.0.3.min.js"></script> <script> var uri = 'api/products'; $(document).ready(function () { $.getJSON(uri) .done(function (data) { $.each(data, function (key, item) { $('<li>', { text: formatItem(item) }).appendTo($('#products')); }); }); }); function formatItem(item) { return item.Name + ': $' + item.Price; } function find() { var id = $('#prodId').val(); $.getJSON(uri + '/' + id) .done(function (data) { $('#product').text(formatItem(data)); }) .fail(function (jqXHR, textStatus, err) { $('#product').text('Error: ' + err); }); } </script></body></html>

运行结果如下:

WebAPI授权

1、新建授权过滤器类APIAuthorizeAttribute.cs

/* ============================================================================== * 功能描述:APIAuthorizeAttribute * 创 建 者:Zouqj * 创建日期:2015/11/3 11:37:45 ==============================================================================*/using System;using System.Collections.Generic;using System.Linq;using System.Net;using System.Net.Http;using System.Security.Principal;using System.Text;using System.Threading;using System.Web;using System.Web.Http.Filters;using Uuch.HP.WebAPI.Helper;namespace Uuch.HP.WebAPI.Filter{ public class APIAuthorizeAttribute : AuthorizationFilterAttribute { public override void OnAuthorization(System.Web.Http.Controllers.HttpActionContext actionContext) { //如果用户使用了forms authentication,就不必在做basic authentication了 if (Thread.CurrentPrincipal.Identity.IsAuthenticated) { return; } var authHeader = actionContext.Request.Headers.Authorization; if (authHeader != null) { if (authHeader.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && !String.IsNullOrWhiteSpace(authHeader.Parameter)) { var credArray = GetCredentials(authHeader); var userName = credArray[0]; var key = credArray[1]; string ip = System.Web.HttpContext.Current.Request.UserHostAddress; //if (IsResourceOwner(userName, actionContext)) //{ //You can use Websecurity or asp.net memebrship provider to login, for //for he sake of keeping example simple, we used out own login functionality if (APIAuthorizeInfoValidate.ValidateApi(userName,key,ip))//Uuch.HPKjy.Core.Customs.APIAuthorizeInfo.GetModel(userName, key, ip) != null { var currentPrincipal = new GenericPrincipal(new GenericIdentity(userName), null); Thread.CurrentPrincipal = currentPrincipal; return; } //} } } HandleUnauthorizedRequest(actionContext); } private string[] GetCredentials(System.Net.Http.Headers.AuthenticationHeaderValue authHeader) { //Base 64 encoded string var rawCred = authHeader.Parameter; var encoding = Encoding.GetEncoding("iso-8859-1"); var cred = encoding.GetString(Convert.FromBase64String(rawCred)); var credArray = cred.Split(':'); return credArray; } private bool IsResourceOwner(string userName, System.Web.Http.Controllers.HttpActionContext actionContext) { var routeData = actionContext.Request.GetRouteData(); var resourceUserName = routeData.Values["userName"] as string; if (resourceUserName == userName) { return true; } return false; } private void HandleUnauthorizedRequest(System.Web.Http.Controllers.HttpActionContext actionContext) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized); actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='eLearning' location='http://localhost:8323/APITest'"); } }}

2、添加验证方法类APIAuthorizeInfoValidate.cs

using Newtonsoft.Json;/* ============================================================================== * 功能描述:APIAuthorizeInfoValidate * 创 建 者:Zouqj * 创建日期:2015/11/3 16:26:10 ==============================================================================*/using System;using System.Collections.Generic;using System.Linq;using System.Web;namespace Uuch.HP.WebAPI.Helper{ public class APIAuthorizeInfo { public string UserName { get; set; } public string Key { get; set; } } public class APIAuthorizeInfoValidate { public static bool ValidateApi(string username, string key, string ip) { var _APIAuthorizeInfo = JsonConvert.DeserializeObject <List<APIAuthorizeInfo>>(WebConfigHelper.ApiAuthorize); var ips = WebConfigHelper.IPs.Contains(",") ? WebConfigHelper.IPs.Split(',') : new string[] { WebConfigHelper.IPs }; if (_APIAuthorizeInfo != null && _APIAuthorizeInfo.Count > 0) { foreach (var v in _APIAuthorizeInfo) { if (v.UserName == username && v.Key == key && ips.Contains(ip)) { return true; } } } return false; } }}

3、把添加到全局过滤器中,这里要注意了,不要添加到FilterConfig.cs,而要添加到WebApiConfig.cs,因为FilterConfig是MVC用的,我们这里是WebAPI。

 public static class WebApiConfig { public static void Register(HttpConfiguration config) { config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); config.Filters.Add(new APIAuthorizeAttribute()); } }

使用C#来调用WebAPI

以下用到的几个类,已经被我封装好了,可以直接使用。

1、新建webAPI站点,然后新建控制器RProducts

 public class RProductsController : ApiController { /// <summary> /// 备案商品回执记录回调接口 /// </summary> /// <param name="lst"></param> /// <returns></returns> public int Put(List<RProduct> lst) { return ReceiptInfo.UpdateReceiptProductInfo(lst); } }

2、新建类WebApiClient.cs

using System;using System.Collections.Generic;using System.Linq;using System.Net;using System.Net.Http;using System.Net.Http.Headers;using System.Text;using DBHelper.Entitys;namespace DBHelper{ public static class WebApiClient<T> { static void SetBasicAuthorization(HttpClient client) { HttpRequestHeaders header=client.DefaultRequestHeaders; string user = ConfigHelper.UserName; string key = ConfigHelper.Key; Encoding encoding = Encoding.UTF8; // Add an Accept header for JSON format. // 为JSON格式添加一个Accept报头 client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); //Base64编码 var data = Convert.ToBase64String(encoding.GetBytes(user + ":" + key)); //设置AuthenticationHeaderValue header.Authorization = new AuthenticationHeaderValue("Basic", data); //通过HttpRequestHeaders.Add //header.Add("Authorization", "Basic " + data); } public static List<T> GetAll(string url) { List<T> li = new List<T>(); HttpClient client = new HttpClient(); SetBasicAuthorization(client); // List all products. // 列出所有产品 HttpResponseMessage response = client.GetAsync(url).Result;// Blocking call(阻塞调用)! if (response.IsSuccessStatusCode) { // Parse the response body. Blocking! // 解析响应体。阻塞! li = response.Content.ReadAsAsync<List<T>>().Result; } else { Console.WriteLine("{0} ({1})", (int)response.StatusCode, response.ReasonPhrase); } return li; } public static T GetByFilter(string url) { T entity = default(T); HttpClient client = new HttpClient(); SetBasicAuthorization(client); // List all products. // 列出所有产品 HttpResponseMessage response = client.GetAsync(url).Result;// Blocking call(阻塞调用)! if (response.IsSuccessStatusCode) { // Parse the response body. Blocking! // 解析响应体。阻塞! entity = response.Content.ReadAsAsync<T>().Result; } return entity; } public static T Get(string url,string id) { T entity=default(T); HttpClient client = new HttpClient(); SetBasicAuthorization(client); // List all products. // 列出所有产品 HttpResponseMessage response = client.GetAsync(string.Format("{0}/{1}",url,id)).Result;// Blocking call(阻塞调用)! if (response.IsSuccessStatusCode) { // Parse the response body. Blocking! // 解析响应体。阻塞! entity = response.Content.ReadAsAsync<T>().Result; } return entity; } public static bool Edit(string url,List<int> value) { HttpClient client = new HttpClient(); SetBasicAuthorization(client); var response = client.PutAsJsonAsync(url,value).Result; if (response.IsSuccessStatusCode) { return true; } else { return false; } } public static bool Edit(string url, Dictionary<int, string> dic) { HttpClient client = new HttpClient(); SetBasicAuthorization(client); var response = client.PutAsJsonAsync(url, dic).Result; if (response.IsSuccessStatusCode) { return true; } else { return false; } } public static bool EditModel(string url, List<T> value) { HttpClient client = new HttpClient(); SetBasicAuthorization(client); var response = client.PutAsJsonAsync(url, value).Result; if (response.IsSuccessStatusCode) { return true; } else { return false; } } public static List<TI> GetList<TI>(string url, List<int> value) { List<TI> list = new List<TI>(); HttpClient client = new HttpClient(); SetBasicAuthorization(client); var response = client.PostAsJsonAsync(url, value).Result; if (response.IsSuccessStatusCode) { list = response.Content.ReadAsAsync<List<TI>>().Result; } else { list = new List<TI>(); } return list; } }}

3、新建类BaseEntity.cs

using NHibernate;using NHibernate.Criterion;using System;using System.Collections.Generic;using System.Configuration;using System.Data.Common;using System.Linq;using System.Text;namespace DBHelper{ public abstract class BaseEntity<T, TID> where T : BaseEntity<T, TID> { #region 属性 /// <summary> /// 编号 /// </summary> public string V_PreInvtId { get; set; } /// <summary> /// 回执状态 /// </summary> public int V_OpResult { get; set; } /// <summary> /// 操作时间 /// </summary> public DateTime D_optime { get; set; } /// <summary> /// 备注 /// </summary> public string V_NoteS { get; set; } #endregion public virtual TID ID { get; set; } #region /// <summary> /// Session配置文件路径 /// </summary> protected static readonly string SessionFactoryConfigPath = System.IO.Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "NHibernate.config"); /// <summary> /// 返回对应的Session. /// </summary> protected static ISession NHibernateSession { get { return NHibernateSessionManager.Instance.GetSessionFrom(SessionFactoryConfigPath); } } #endregion #region common /// <summary> /// 根据ID从数据库获取一个类型为T的实例 /// </summary> public static T GetById(TID id, bool shouldLock) { T entity; if (shouldLock) { entity = NHibernateSession.Get<T>(id, LockMode.Upgrade); } else { entity = NHibernateSession.Get<T>(id); } return entity; } /// <summary> /// 根据ID从数据库获取一个类型为T的实例 /// </summary> public static T GetById(TID id) { return GetById(id, false); } /// <summary> /// 获取所有的类型为T的对象 /// </summary> public static IList<T> GetAll() { return GetByCriteria(); } /// <summary> /// 根据给定的 <see cref="ICriterion" /> 来查询结果 /// 如果没有传入 <see cref="ICriterion" />, 效果与 <see cref="GetAll" />一致. /// </summary> public static IList<T> GetByCriteria(params ICriterion[] criterion) { ICriteria criteria = NHibernateSession.CreateCriteria(typeof(T)); foreach (ICriterion criterium in criterion) { criteria.Add(criterium); } criteria.AddOrder(new Order("ID", false)); return criteria.List<T>(); } #endregion #region entity /// <summary> /// 根据exampleInstance的属性值来查找对象,返回与其值一样的对象对表。 /// exampleInstance中值为0或NULL的属性将不做为查找条件 /// </summary> /// <param name="exampleInstance">参考对象</param> /// <param name="propertiesToExclude">要排除的查询条件属性名</param> /// <returns></returns> public virtual IList<T> GetByExample(T exampleInstance, params string[] propertiesToExclude) { ICriteria criteria = NHibernateSession.CreateCriteria(exampleInstance.GetType()); Example example = Example.Create(exampleInstance); foreach (string propertyToExclude in propertiesToExclude) { example.ExcludeProperty(propertyToExclude); } example.ExcludeNone(); example.ExcludeNulls(); example.ExcludeZeroes(); criteria.Add(example); criteria.AddOrder(new Order("ID", false)); return criteria.List<T>(); } /// <summary> /// 使用<see cref="GetByExample"/>来返回一个唯一的结果,如果结果不唯一会抛出异常 /// </summary> /// <exception cref="NonUniqueResultException" /> public virtual T GetUniqueByExample(T exampleInstance, params string[] propertiesToExclude) { IList<T> foundList = GetByExample(exampleInstance, propertiesToExclude); if (foundList.Count > 1) { throw new NonUniqueResultException(foundList.Count); } if (foundList.Count > 0) { return foundList[0]; } else { return default(T); } } /// <summary> /// 将指定的对象保存到数据库,并立限提交,并返回更新后的ID /// See http://www.hibernate.org/hib_docs/reference/en/html/mapping.html#mapping-declaration-id-assigned. /// </summary> //public virtual T Save() //{ // T entity = (T)this; // NHibernateSession.Save(entity); // NHibernateSession.Flush(); // return entity; //} /// <summary> /// 将指定的对象保存或更新到数据库,并返回更新后的ID /// </summary> //public virtual T Merge() //{ // T entity = (T)this; // NHibernateSession.Merge<T>(entity); // NHibernateSession.Flush(); // return entity; //} ///// <summary> ///// 从数据库中删除指定的对象 ///// </summary> //public virtual void Delete() //{ // T entity = (T)this; // NHibernateSession.Delete(entity); // NHibernateSession.Flush(); //} public virtual DbTransaction BeginTransaction() { ITransaction tran = NHibernateSession.BeginTransaction();// NHibernateSessionManager.Instance.BeginTransactionOn(SessionFactoryConfigPath); return new DbTransaction(tran); } /// <summary> /// 提交所有的事务对象,并Flush到数据库 /// </summary> public virtual void CommitChanges() { if (NHibernateSessionManager.Instance.HasOpenTransactionOn(SessionFactoryConfigPath)) { NHibernateSessionManager.Instance.CommitTransactionOn(SessionFactoryConfigPath); } else { // 如果不是事务模式,就直接调用Flush来更新 NHibernateSession.Flush(); } } #endregion #region WebApi获取数据 public static string Url { get { string url = System.Configuration.ConfigurationManager.AppSettings[typeof(T).Name]; if (string.IsNullOrEmpty(url)) { throw new Exception(string.Format("“{0}”未包含URL配置", typeof(T).Name)); } return url; } } public static List<T> GetAllBySource() { return WebApiClient<T>.GetAll(Url); } public static void EditBySource(List<int> value) { WebApiClient<T>.Edit(Url, value); } public static void EditBySource(Dictionary<int, string> dic) { WebApiClient<T>.Edit(Url, dic); } public static T GetOneBySource(string id) { return WebApiClient<T>.Get(Url, id); } public static void EditBySourceByModel(List<T> value) { WebApiClient<T>.EditModel(Url, value); } #endregion } public class DbTransaction : IDisposable { ITransaction _transaction; public DbTransaction(ITransaction transaction) { _transaction = transaction; } #region IDisposable 成员 public void Dispose() { Dispose(true); GC.SuppressFinalize(this); } protected virtual void Dispose(bool disposing) { if (disposing) { _transaction.Dispose(); _transaction = null; } } #endregion #region ITransaction 成员 public void Begin(System.Data.IsolationLevel isolationLevel) { _transaction.Begin(isolationLevel); } public void Begin() { _transaction.Begin(); } public void Commit() { _transaction.Commit(); } public void Enlist(System.Data.IDbCommand command) { _transaction.Enlist(command); } public bool IsActive { get { return _transaction.IsActive; } } public void RegisterSynchronization(NHibernate.Transaction.ISynchronization synchronization) { _transaction.RegisterSynchronization(synchronization); } public void Rollback() { _transaction.Rollback(); } public bool WasCommitted { get { return _transaction.WasCommitted; } } public bool WasRolledBack { get { return _transaction.WasRolledBack; } } #endregion }}

4、调用代码:

 List<EProducts> list = DBHelper.Entitys.EProducts.GetAllBySource();

在调用WebAPI之前,记得先运行WebAPI站点。

当我们的WebAPI站点开发完成之后,我们可以使用Nuget安装一个插件自动生成API文档,这个插件同时还支持WebAPI在线测试的。



相关阅读:
Top