为了保护我的web api,我在以下方式添加了 [Authorize]
之前的动作声明:
[Route("api/getvPaymentDues")]
[HttpGet]
[Authorize]
public dynamic getData()
{
var vPaymentDues = (from recordset in db.vPaymentDues
select new DTOvPaymentDue
{
UserName = recordset.UserName,
FullName = recordset.FullName,
ContactNum = recordset.ContactNum,
Address = recordset.Address,
AreaName = recordset.AreaName,
ColonyName = recordset.ColonyName,
PackageName = recordset.PackageName,
LastRenewDate = recordset.LastRenewDate,
PackageExpiryDate = recordset.PackageExpiryDate,
InvoiceAmount = recordset.InvoiceAmount,
ReceivedAmount = recordset.ReceivedAmount,
DueInDays = recordset.DueInDays
});
return new { data = vPaymentDues };
}
当我将api称为 localhost/api/getvPaymentDues
时,它正确地说 {"Message":"Authorization has been denied for this request."}
我的问题是如何在我的web api中发送请求中的值(从ajax完成时)以获得授权?
1 回答
回答:
我在我的应用程序中添加了身份验证(由cookie授权) . 这解决了我的问题 .
当用户登录时,在本地系统中保存了一个cookie,并且(在其生命周期内)确保api调用正在进行身份验证 .
不是一个完整的解决方案,但解决了我目前的目的 .