web api控件UserControl有两个方法,RetrieveUserID,需要进行基本授权检查
[HttpGet]
[Route("RetrieveUserID/{strUsername}")]
[Authorize]
public string RetrieveUserID(string strUsername)
{
//retrieve userID and return it
......
return strUserID;
}
如果无法检索userID,则使用另一种方法FailAuthenticationReason,它会返回详细的失败信息,例如错误的用户名,错误的密码,帐户被锁定等等,这不需要进行任何身份验证检查
[HttpGet]
[Route("FailAuthenticationReason/{strUsername}")]
public string FailAuthenticationReason(string strUsername)
{
//retrieve detail failed reason
......
return strFailedReason;
}//End of
使用浏览器检查它时效果很好。但是当我在我的应用程序中使用它时,在我提供授权标头并且由于用户名和/或密码不正确而无法检索userID之后,它还会在调用FailAuthenticationReason时执行授权检查
var authData = string.Format("{0}:{1}", entUsername.Text,entPassword.Text);
var authHeaderValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(authData));
App.httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authHeaderValue);
var uri = new Uri(string.Format(App.strWebAPIURI + "/RetrieveUserID/{0}", entUsername.Text));
try
{
var response = await App.httpClient.GetAsync(uri);
if (response.IsSuccessStatusCode)
{
......
}
else
{
//Fail to pass authorization
uri = new Uri(string.Format(App.strWebAPIURI + "/FailAuthenticationReason/{0}", entUsername.Text));
response = await App.httpClient.GetAsync(uri);
......
}
如果没有授权检查,程序如何调用FailAuthenticationReason?