要在C# Web API中添加授权,可以使用OAuth 2.0授权框架来实现。首先需要安装Microsoft.AspNet.WebApi.OAuth包,并在WebApiConfig中配置OAuth授权。
以下是一个简单的示例:
首先在NuGet包管理器中安装Microsoft.AspNet.WebApi.OAuth包:
Install-Package Microsoft.AspNet.WebApi.OAuth
然后在WebApiConfig中配置OAuth授权:
public static class WebApiConfig { public static void Register(HttpConfiguration config) { // 配置OAuth授权 config.SuppressDefaultHostAuthentication(); config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); // 配置Web API路由 config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); } } 接下来,创建一个继承自OAuthAuthorizationServerProvider的类来实现OAuth授权逻辑:
public class CustomOAuthProvider : OAuthAuthorizationServerProvider { public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { context.Validated(); } public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { // 验证用户名和密码 if (context.UserName == "admin" && context.Password == "admin") { var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); context.Validated(identity); } else { context.SetError("invalid_grant", "The username or password is incorrect."); return; } } } 最后在Global.asax.cs中注册OAuth授权服务:
protected void Application_Start() { GlobalConfiguration.Configure(WebApiConfig.Register); // 配置OAuth授权服务 var oAuthServerOptions = new OAuthAuthorizationServerOptions { AllowInsecureHttp = true, TokenEndpointPath = new PathString("/token"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), Provider = new CustomOAuthProvider() }; app.UseOAuthAuthorizationServer(oAuthServerOptions); app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); } 这样就可以在C# Web API中添加授权,并使用Swagger进行文档化。
