我正在尝试将自定义参数转发到RESTful API服务器,并将代理响应返回给面向客户端的服务器。我不希望客户端有权访问或能够读取API HTTP请求/响应交互,因此我决定使用反向代理执行此操作。我没有问题转发请求并返回响应。问题在于身份验证。面向客户端的服务器总是希望重定向到登录页面,因为它不相信客户端已通过身份验证。我尝试过使用HTTPS和HTTP,结果类似。
我已经研究了这个问题很长一段时间了,发现了各种各样的答案,其中没有一个似乎完全包含了我的具体用例。我关注this example,这是我最接近我特别需要的。但是,作者注释掉的凭证部分(//request.Credentials = CredentialCache.DefaultCredentials;)似乎没有涵盖我试图实现的身份验证部分。请帮我理解这个问题和解决方案。
以下是我在控制器中使用的代码:
public ActionResult ProxyEndpoint(string custom_string, string another_custom_string)
{
//Bunch of code here to grab the remoteUrl from AppConfig and do stuff to the parameters and store them in queryString, unnecessary to show here.
//Here's the important bits:
remoteUrl = remoteUrl + "?" + queryString; // create my remoteUrl
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(remoteUrl);
request.Credentials = CredentialCache.DefaultCredentials;
// Also tried this to no avail:
request.Credentials = CredentialCache.DefaultNetworkCredentials;
return ProxyActionResult(request.GetResponse());
}
以下是ProxyActionResult类:
public class ProxyActionResult : ActionResult
{
WebResponse _response;
public ProxyActionResult(WebResponse response)
{
_response = response;
}
public override void ExecuteResult(ControllerContext controllerContext)
{
HttpContextBase httpContext = controllerContext.HttpContext;
WebResponse response = _response;
// Read the byte stream from the response:
Stream responseStream = response.GetResponseStream();
// Pulled this next piece from http://www.codeproject.com/Articles/7135/Simple-HTTP-Reverse-Proxy-with-ASP-NET-and-IIS
// Seemed to fit our use case.
if ((response.ContentType.ToLower().IndexOf("html") >= 0) || (response.ContentType.ToLower().IndexOf("javascript") >= 0))// || (response.ContentType.ToLower().IndexOf("image") >= 0))
{
//If the response is HTML Content, parse it like HTML:
StreamReader readStream = new StreamReader(responseStream, Encoding.Default);
String content;
content = ParseHtmlResponse(readStream.ReadToEnd(), httpContext.Request.ApplicationPath);
//Write the updated HTML to the client(and then close the response):
httpContext.Response.Write(content);
httpContext.Response.ContentType = response.ContentType;
response.Close();
httpContext.Response.End();
}
else
{
// If the response is not HTML Content, write the stream directly to the client:
var buffer = new byte[1024];
int bytes = 0;
while ((bytes = responseStream.Read(buffer, 0, 1024)) > 0)
{
httpContext.Response.OutputStream.Write(buffer, 0, bytes);
}
// from http://www.dotnetperls.com/response-binarywrite
httpContext.Response.ContentType = response.ContentType; // Set the appropriate content type of the response stream.
// and close the stream:
response.Close();
httpContext.Response.End();
}
//throw new NotImplementedException();
}
// Debating whether we need this:
public string ParseHtmlResponse(string html, string appPath)
{
html = html.Replace("\"/", "\"" + appPath + "/");
html = html.Replace("'/", "'" + appPath + "/");
html = html.Replace("=/", "=" + appPath + "/");
return html;
}
答案 0 :(得分:2)
事实证明反向代理代码没有任何问题。远程服务器是ArcGIS OpenLayers API,其设置为crossOrigin: anonymous。我评论了这个设置,它运作得很好。
如果您有这个特定的ArcGIS OpenLayers问题,请查看文档: http://openlayers.org/en/v3.14.2/apidoc/ol.source.ImageWMS.html