How to use this auth token cookie


Problem description

I want to secure a web API; for that I am using the NuGet package webapitokenauth(bootstrap).

So for that I have modified authcontroller as per my needs, that is, I am authenticating the user with a SQL database and returning the userid, username, and role for that user in cookies as a token.

I checked that login method in Fiddler: it's returning a 200 OK status code on a valid user and 401 for an unauthorized user. But when I am trying to call that method via an ajax GET method in an HTML page + jQuery ajax GET, it's returning a 401 unauthorized error.

So here is my controller method and JavaScript code:

Auth controller:

[HttpGet]
[TokenAuthentication(AccessLevel.Anonymous)]
public HttpResponseMessage PostLogin([FromBody]LoginviewModel user)
{
    if (user == null || user.UserName == null || user.Password == null)
    {
        return Error("Please enter username or password.");
    }


    IUserInfo userinfo = new UserInfo();
    var currentuser = userinfo.Checkuser(user.UserName,user.Password);

    if (currentuser == null)
    {
        return Error("Bad username or password.");
    }

    UserData.Userid = currentuser.UserId;
    UserData.username = user.UserName.ToString();
    UserData.role = currentuser.Role;
    var response = Login(currentuser.UserId, currentuser.Username, UserRole.User);
    return response;
}





Index.htm:


<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <script src="Scripts/jquery-1.7.1.js" type="text/javascript"></script>
     <script>
         $(document).ready(function () {
             $("#Save").click(function () {

                 var person = new Object();
                 person.UserName = $('#UserName').val();
                 person.Password = $('#Password').val();

                 $.ajax({
                     url: 'http://localhost:59583/api/auth/login',
                     type: 'GET',
                     contentType: 'application/json',
                     dataType: 'jsonp',
                     data: JSON.stringify(person),
                     beforeSend: function (xhr) {
                         xhr.setRequestHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
                         xhr.setRequestHeader("Access-Control-Allow-Origin", "*");
                         xhr.setRequestHeader("Access-Control-Allow-Methods", "GET,PUT,POST,DELETE");
                         xhr.setRequestHeader("Content-Type", "text/plain");
                         xhr.setRequestHeader("Access-Control-Allow-Credentials", "true");
                     },
                     success: function (response) {
                         //alert(XMLHttpRequest.getResponseHeader());
                         console.log(response);
                         window.location.href("Portal.htm");
                     },
                     error: function (xhr, textStatus, errorThrown) {
                         console.log(xhr, textStatus, errorThrown);
                         console.log('Error in Operation');
                     }
                 });


             });
         });
    </script>
</head>
<body>

    <form id="form1">
        Name :- <input type="text" name="UserName" id="UserName" />
        Surname:- <input type="password" name="Password" id="Password" />
        <input type="button" id="Save" value="Save Data" />
    </form>
</body>
</html>

Recommended answer

$(document).ready(function () {
    $("#Save").click(function () {
        var person = new Object();
        person.UserName = $('#UserName').val();
        person.Password =
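
An added example, not part of the original question or answer: the `Access-Control-*` headers that Index.htm sets in `beforeSend` are response headers the API has to send, and a JSONP request is a script-tag GET that carries neither a body nor custom headers. The sketch below shows the server-side header choice and a credentialed login request, assuming a hypothetical allow-listed page origin `http://localhost:8080` and a login action that accepts POST; all function names are illustrative.

```javascript
// Added example; the allow-list origin and all function names are assumptions.
const ALLOWED_ORIGINS = new Set(['http://localhost:8080']); // constructed value

// Server side: Access-Control-* are response headers chosen by the API.
// For cookie-bearing requests the origin is echoed exactly, never "*".
function corsResponseHeaders(requestOrigin) {
  if (!ALLOWED_ORIGINS.has(requestOrigin)) return {}; // unknown origin: no CORS grant
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Access-Control-Allow-Methods': 'POST',
    'Access-Control-Allow-Headers': 'Content-Type',
    'Vary': 'Origin', // caches must not reuse one origin's grant for another
  };
}

// Browser-side rule for a credentialed response: exact origin match plus
// Allow-Credentials "true"; a wildcard origin fails this check.
function browserAcceptsCredentialedResponse(pageOrigin, headers) {
  return headers['Access-Control-Allow-Origin'] === pageOrigin &&
    headers['Access-Control-Allow-Credentials'] === 'true';
}

// Client side: the username and password travel in a POST body as JSON,
// so they stay out of the URL, server logs and browser history.
function buildLoginRequest(userName, password) {
  return {
    url: 'http://localhost:59583/api/auth/login', // URL from the question
    init: {
      method: 'POST',
      credentials: 'include', // let the browser store and send the auth cookie
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ UserName: userName, Password: password }),
    },
  };
}

// Usage in the page: resolves to true when the API answers 2xx.
async function login(userName, password) {
  const { url, init } = buildLoginRequest(userName, password);
  const res = await fetch(url, init);
  return res.ok;
}
```
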

