我有两个基类RequestBase
和ResponseBase
,分别为请求和响应。从这些类派生的所有类型的需求和响应。 RequestBase
包含ClientKey
和AccessToken
字段。另外,我有AuthenticationService
服务。验证每个传入的请求
[ServiceContract]
public interface IAuthenticationService
{
[OperationContract]
public LoginResponse Login(LoginRequest request);
... other methods
}
假设我们有OrderService
服务。
public class OrderService:IOrderService
{
public OrderResponse GetOrders(OrderRequest request)
{
...
}
}
我需要验证为ClientKey
和AccessToken
每个请求,还检查用户是否被认证。我能做到以下几点:
public OrderResponse GetOrders(OrderRequest request)
{
var response = new OrderResponse(request.RequestId);
// call helper method for validation
var validationResult = ValidateRequest.Validate(request, response, ValidateOptions.All)
...
}
但我不想写在每一个方法这行代码:
var validationResult = Validate.ValidRequest(request, response, ValidateOptions.All)
什么是做到这一点的最好方法是什么?
PS。这是Validate
方法:
public static bool Validate(RequestBase request, ResponseBase response, ValidateOptions validate)
{
//Validate Client Key.
// Hardcoded here.
if ((Validate.ClientKey & validate) == Validate.ClientKey)
{
if (request.ClientKey != "ABC123")
{
response.Acknowledge = AcknowledgeType.Failure;
response.Message = "Unknown Client Key";
return false;
}
}
// Validate access token
if ((Validate.AccessToken & validate) == Validate.AccessToken)
{
if (request.AccessToken != _accessToken)
{
response.Acknowledge = AcknowledgeType.Failure;
response.Message = "Invalid or expired AccessToken. Call GetToken()";
return false;
}
}
// Validate user credentials
if ((Validate.UserCredentials & validate) == Validate.UserCredentials)
{
if (_userName == null)
{
response.Acknowledge = AcknowledgeType.Failure;
response.Message = "Please login and provide user credentials before accessing these methods.";
return false;
}
}
return true;
}
一个问题:哪里是存储_accessToken
,_userName
服务器上最好的地方?
看看消息检查器:http://msdn.microsoft.com/en-us/library/aa717047.aspx – trydis
我编辑了你的标题。请参阅:“[应该在其标题中包含”标签“](http://meta.stackexchange.com/questions/19190/)”,其中的共识是“不,他们不应该”。 –