WebApi - Angular - ejemplo completo con CORS, Authorization, rutas con nombre y JSON [** 100% FUNCIONANDO **]

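Instalar con la consola de NuGet (LoginController usa además JwtSecurityTokenHandler, que viene en el paquete System.IdentityModel.Tokens.Jwt):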

Install-Package Microsoft.AspNet.WebApi.Cors


WebApiConfig.cs

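/// <summary>
/// Configures the Web API pipeline: JSON output for text/html requests, a global
/// CORS policy, attribute routing plus an action-based route, the token validation
/// message handler and a global authorization filter.
/// </summary>
/// <param name="config">The HTTP configuration to set up.</param>
public static void Register(HttpConfiguration config)
{
    // Let the JSON formatter answer requests that ask for text/html, so an endpoint
    // opened directly in a browser returns JSON instead of XML.
    // NOTE(review): such responses are then labelled text/html, so a browser may
    // interpret markup contained in the data. Removing config.Formatters.XmlFormatter
    // is the usual alternative that keeps application/json as the content type.
    config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));

    // Global CORS policy: any origin, any header, any method.
    // The policy has to be passed to EnableCors. The parameterless overload only turns
    // on attribute-driven CORS, and no controller shown with this listing carries
    // [EnableCors], so the policy object was previously created and never applied.
    // Before deployment, replace the "*" origin with the front-end's actual origin.
    var cors = new EnableCorsAttribute("*", "*", "*");
    config.EnableCors(cors);

    // Honour [Route]/[RoutePrefix] attributes declared on controllers and actions.
    config.MapHttpAttributeRoutes();

    // Convention route that includes {action}, so URLs name the action method
    // (for example api/login/authenticate) instead of relying on the HTTP verb alone.
    config.Routes.MapHttpRoute(
        name: "ActionApi",
        routeTemplate: "api/{controller}/{action}/{id}",
        defaults: new { id = RouteParameter.Optional }
    );

    // TokenValidationHandler is not part of this listing; presumably it validates the
    // bearer token issued by LoginController and sets the request principal. Confirm.
    config.MessageHandlers.Add(new TokenValidationHandler());

    // Apply [Authorize] to every controller and action; endpoints that must be
    // reachable without a token opt out with [AllowAnonymous].
    config.Filters.Add(new AuthorizeAttribute());
}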

LoginController.cs

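/// <summary>
/// Anonymous login endpoint that checks the posted credentials and, when they are
/// accepted, returns a signed JWT for use on later requests.
/// </summary>
public class LoginController : ApiController
{
    /// <summary>
    /// Validates the posted credentials and returns a JWT string on success.
    /// Example: POST localhost/servicios/api/login/authenticate
    /// </summary>
    /// <param name="login">Credentials read from the request body; null when the body is missing.</param>
    /// <returns>200 with the token string, or 401 when the credentials are rejected or absent.</returns>
    [HttpPost]
    [AllowAnonymous] // opts out of the global authorization filter: the caller has no token yet
    public IHttpActionResult Authenticate([FromBody] LoginRequest login)
    {
        var loginResponse = new LoginResponse { };

        bool isUsernamePasswordValid = false;
        string username = null;

        // Check for a missing body or username before touching login's members.
        // The earlier version dereferenced login.Username ahead of its null check.
        if (login != null && login.Username != null)
        {
            // Invariant lower-casing keeps the name claim stable across server cultures.
            username = login.Username.ToLowerInvariant();

            // NOTE(review): placeholder check. Any username is accepted when the
            // password equals the literal "admin". Replace with a lookup against a
            // user store that keeps salted password hashes before real use.
            isUsernamePasswordValid = login.Password == "admin";
        }

        if (isUsernamePasswordValid)
        {
            return Ok<string>(createToken(username));
        }

        // Rejected or missing credentials: answer 401 through the response object.
        loginResponse.responseMsg.StatusCode = HttpStatusCode.Unauthorized;
        return ResponseMessage(loginResponse.responseMsg);
    }

    /// <summary>
    /// Builds an HMAC-SHA256 signed JWT whose only claim is the user name.
    /// </summary>
    /// <param name="username">Value stored in the ClaimTypes.Name claim.</param>
    /// <returns>The serialized token.</returns>
    private string createToken(string username)
    {
        // The token is valid from now and expires after seven days.
        // NOTE(review): nothing in this listing revokes a token, so a leaked token
        // stays usable for the whole week. Consider a shorter lifetime.
        DateTime issuedAt = DateTime.UtcNow;
        DateTime expires = issuedAt.AddDays(7);

        // http://stackoverflow.com/questions/18223868/how-to-encrypt-jwt-security-token
        var tokenHandler = new JwtSecurityTokenHandler();

        ClaimsIdentity claimsIdentity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.Name, username)
        });

        // NOTE(review): the signing secret is hard-coded and published with the source.
        // Anyone who knows it can mint valid tokens for any user name. Load it from
        // protected configuration and treat this value as already disclosed.
        const string sec = "401b09eab3c013d4ca54922bb802bec8fd5318192b0a75f201d8b3727429090fb337591abd3e44453b954555b7a0812e1081c39b740293f765eae731f5a65ed1";

        // The validating side must derive its key from the same bytes as here.
        var securityKey = new Microsoft.IdentityModel.Tokens.SymmetricSecurityKey(System.Text.Encoding.Default.GetBytes(sec));
        var signingCredentials = new Microsoft.IdentityModel.Tokens.SigningCredentials(securityKey, Microsoft.IdentityModel.Tokens.SecurityAlgorithms.HmacSha256Signature);

        // Issuer and audience are the development host; the validator has to expect the same values.
        JwtSecurityToken token = tokenHandler.CreateJwtSecurityToken(
            issuer: "http://localhost:50191",
            audience: "http://localhost:50191",
            subject: claimsIdentity,
            notBefore: issuedAt,
            expires: expires,
            signingCredentials: signingCredentials);

        return tokenHandler.WriteToken(token);
    }
}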

ClientesController.cs

/// <summary>
/// Read-only client endpoints. Neither action carries [AllowAnonymous], so the
/// AuthorizeAttribute registered globally in WebApiConfig.Register applies to both.
/// </summary>
public class ClientesController : ApiController
{
    /// <summary>Returns whatever ParametrosLogica.Listar(5) produces, wrapped in a 200 response.</summary>
    [HttpGet]
    public IHttpActionResult Lista()
    {
        var logica = new ParametrosLogica();
        return Ok(logica.Listar(5));
    }

    /// <summary>Looks up one client by id and returns it in a 200 response.</summary>
    /// <param name="id">Identifier passed straight to ClientesLogica.Buscar.</param>
    [HttpGet]
    public IHttpActionResult Buscar(int id)
    {
        // NOTE(review): no per-user check is visible here, so any authenticated caller
        // can request any id. Confirm that this is intended.
        var logica = new ClientesLogica();
        return Ok(logica.Buscar(id));
    }
}

