lsm/OpenAuth.Net
1
0
Fork 0
mirror of https://gitee.com/dotnetchina/OpenAuth.Net.git synced 2025-11-09 02:44:44 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
ee91dd924a9a79997912a71510e5c90274e1fbe2
OpenAuth.Net/docs/core/apiauth.md

56 lines
1.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# API权限控制
在使用OpenAuth.WebApi过程中系统会对所有的Api进行权限控制。如果没有登录就访问Api接口会提示下面信息
```javascript
{
"message": "认证失败,请提供认证信息",
"code": 401
}
```
如果想正常调用,必需先调用登录接口`/api/Check/Login`拿到登录`token`,如下:
```javascript
{
"returnUrl": "http://localhost:56813",
"token": "e4a5aa00",
"result": null,
"message": "操作成功",
"code": 200
}
```
把token值放置在http header X-Token中即可正常调用其他接口。如下
```javascript
GET /api/Applications/Load?page=1&limit=10 HTTP/1.1
Host: localhost:52789
X-Token: e4a5aa00
```
## 按角色授权API资源
目前主流的接口平台都提供按角色或账号授权访问API的功能OpenAuth.Net也不例外。在OpenAuth.Net中接口API被当作资源处理。如图
![2025-03-11-11-18-31](http://img.openauth.net.cn/2025-03-11-11-18-31.png)
如果后端新增或删除API点击【同步系统API资源】按钮即可同步到资源列表中。在角色管理功能中可以对登录的角色进行API资源授权。
![](http://img.openauth.net.cn/2025-03-11-11-13-54.png)
## 不登录直接访问
有些场景我们需要不进行登录直接访问接口,可以直接在接口上面加[AllowAnonymous]注解即可。如下:
```csharp
[HttpGet]
[AllowAnonymous]
public async Task<TableData> Load([FromQuery]QueryWmsInboundOrderDtblListReq request)
{
return await _app.Load(request);
}
```
Reference in New Issue View Git Blame Copy Permalink