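As is well known, authentication in ASP.NET Web API is implemented through an authentication filter. The usual approach is to write a custom AuthenticationFilter that implements the authentication logic: if authentication succeeds, processing continues down the pipeline; if it fails, the filter returns an authentication-failure result directly. It looks something like this: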
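public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    // Helper overload (not shown) that validates the request; returns null when it is not authenticated
    var principal = await this.AuthenticateAsync(context.Request);
    if (principal == null)
    {
        context.Request.Headers.GetCookies().Clear();
        // Setting ErrorResult ends processing here; the message means "unauthorized request"
        context.ErrorResult = new AuthenticationFailureResult("未授权请求", context.Request);
    }
    else
    {
        // Authentication succeeded: attach the principal and let the pipeline continue
        context.Principal = principal;
    }
}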
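The filter above relies on an AuthenticationFailureResult type that the page does not show. The following is an added example, not code from the original post: one possible shape for that type, plus a hypothetical AddChallengeOnUnauthorizedResult wrapper for the filter's ChallengeAsync method. Both class bodies are assumptions.

```csharp
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

// Assumed shape of AuthenticationFailureResult: assigned to context.ErrorResult, it yields a 401.
public class AuthenticationFailureResult : IHttpActionResult
{
    private readonly string _message;
    private readonly HttpRequestMessage _request;
    public AuthenticationFailureResult(string message, HttpRequestMessage request)
    {
        _message = message;
        _request = request;
    }

    public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
    {
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
        {
            RequestMessage = _request,
            // Body rather than ReasonPhrase (a choice made here) so non-ASCII text stays intact
            Content = new StringContent(_message, Encoding.UTF8, "text/plain")
        };
        return Task.FromResult(response);
    }
}

// Hypothetical wrapper for ChallengeAsync: adds WWW-Authenticate to any 401 response.
public class AddChallengeOnUnauthorizedResult : IHttpActionResult
{
    private readonly AuthenticationHeaderValue _challenge;
    private readonly IHttpActionResult _inner;
    public AddChallengeOnUnauthorizedResult(AuthenticationHeaderValue challenge, IHttpActionResult inner)
    {
        _challenge = challenge;
        _inner = inner;
    }
    public async Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
    {
        HttpResponseMessage response = await _inner.ExecuteAsync(cancellationToken);
        if (response.StatusCode == HttpStatusCode.Unauthorized)
            response.Headers.WwwAuthenticate.Add(_challenge);
        return response;
    }
}
```

In ChallengeAsync the wrapper would be applied by assigning a new AddChallengeOnUnauthorizedResult, built from an AuthenticationHeaderValue for the scheme in use and the existing context.Result, back to context.Result.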


