如何在 ASP.NET MVC 的 cshtml 中获取授权信息，并将其设置为 jQuery ajax 的 Headers["Authorization"]？
我已成功登录 ASP.NET MVC，并使用 FormsAuthentication.SetAuthCookie(model.Name, model.RememberMe)；在网页中 Request.IsAuthenticated 和 User.Identity.Name 都能正确显示。
在我的 Web 应用的 Web API OData 上，我使用 AuthorizeAttribute 类只允许已授权的用户访问。这是我的 Global.asax：
/// <summary>
/// Application start-up: registers the Web API OData configuration and installs
/// <see cref="MembershipHttpAuthorizeAttribute"/> as a global filter, so every
/// Web API action is authorized by it (unless the action opts out).
/// </summary>
protected void Application_Start(object sender, EventArgs e)
{
...
WebApiOdataConfig.Register(GlobalConfiguration.Configuration);
// Global filter: runs for every Web API controller/action, not just annotated ones.
GlobalConfiguration.Configuration.Filters.Add(new MembershipHttpAuthorizeAttribute());
...
}
这是我的MembershipHttpAuthorizeAttribute
/// <summary>
/// Basic-auth filter that validates the supplied credentials against the
/// configured ASP.NET Membership provider and builds a
/// <see cref="GenericPrincipal"/> carrying the user's roles.
/// </summary>
public class MembershipHttpAuthorizeAttribute : BasicHttpAuthorizeAttribute
{
    /// <summary>
    /// Validates <paramref name="user"/> / <paramref name="password"/> with the
    /// Membership provider and, on success, creates the principal.
    /// </summary>
    /// <param name="user">User name decoded from the Authorization header.</param>
    /// <param name="password">Password decoded from the Authorization header.</param>
    /// <param name="principal">The created principal, or null when validation fails.</param>
    /// <returns>true when the credentials are valid; otherwise false.</returns>
    protected override bool TryCreatePrincipal(string user, string password,
        out IPrincipal principal)
    {
        bool isValid = Membership.Provider.ValidateUser(user, password);
        if (isValid)
        {
            string[] userRoles = System.Web.Security.Roles.Provider.GetRolesForUser(user);
            principal = new GenericPrincipal(new GenericIdentity(user), userRoles);
        }
        else
        {
            principal = null;
        }
        return isValid;
    }
}
这是我的 BasicHttpAuthorizeAttribute：
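/// <summary>
/// Web API authorization filter that authenticates a request from its
/// "Authorization: Basic" header and then checks the resulting principal
/// against the <see cref="AuthorizeAttribute.Roles"/> and
/// <see cref="AuthorizeAttribute.Users"/> lists. Subclasses supply the actual
/// credential check in <see cref="TryCreatePrincipal"/>.
/// </summary>
public abstract class BasicHttpAuthorizeAttribute : AuthorizeAttribute
{
    private const string BasicAuthResponseHeader = "WWW-Authenticate";
    private const string BasicAuthResponseHeaderValue = "Basic";

    /// <summary>
    /// Entry point invoked by Web API. Lets [AllowAnonymous] actions through,
    /// otherwise requires valid Basic credentials and answers 401 on failure.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (actionContext == null)
            throw Error.ArgumentNull("actionContext");
        if (AuthorizationDisabled(actionContext)
            || AuthorizeRequest(actionContext.ControllerContext.Request))
            return;
        HandleUnauthorizedRequest(actionContext);
    }

    /// <summary>
    /// Replaces the action's response with a 401 carrying a Basic challenge.
    /// </summary>
    /// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
    protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
    {
        if (actionContext == null)
            throw Error.ArgumentNull("actionContext");
        actionContext.Response = CreateUnauthorizedResponse(actionContext.ControllerContext.Request);
    }

    /// <summary>Builds the 401 response for <paramref name="request"/>.</summary>
    private static HttpResponseMessage CreateUnauthorizedResponse(HttpRequestMessage request)
    {
        var result = new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.Unauthorized,
            RequestMessage = request
        };
        // The WWW-Authenticate challenge tells the client which scheme to use.
        result.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
        return result;
    }

    /// <summary>
    /// True when the action or its controller carries [AllowAnonymous].
    /// </summary>
    private static bool AuthorizationDisabled(HttpActionContext actionContext)
    {
        return actionContext.ActionDescriptor
                   .GetCustomAttributes<AllowAnonymousAttribute>().Any()
               || actionContext.ControllerContext.ControllerDescriptor
                   .GetCustomAttributes<AllowAnonymousAttribute>().Any();
    }

    /// <summary>
    /// Authenticates <paramref name="request"/> from its Authorization header
    /// and checks the principal against the Roles/Users lists.
    /// </summary>
    /// <returns>true when the request is authenticated and authorized.</returns>
    private bool AuthorizeRequest(HttpRequestMessage request)
    {
        AuthenticationHeaderValue authValue = request.Headers.Authorization;
        if (authValue == null
            || string.IsNullOrWhiteSpace(authValue.Parameter)
            // The auth-scheme token is case-insensitive, so "basic" must be accepted too.
            || !string.Equals(authValue.Scheme, BasicAuthResponseHeaderValue, StringComparison.OrdinalIgnoreCase))
        {
            return false;
        }

        string[] parsedHeader = ParseAuthorizationHeader(authValue.Parameter);
        if (parsedHeader == null)
        {
            return false;
        }

        IPrincipal principal;
        if (!TryCreatePrincipal(parsedHeader[0], parsedHeader[1], out principal))
        {
            return false;
        }

        // Publish the principal for the rest of the pipeline. HttpContext.Current is
        // null outside IIS hosting (e.g. self-host), so guard it; the thread principal
        // is set as well so code that does not go through HttpContext sees the same user.
        System.Threading.Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
            HttpContext.Current.User = principal;
        return CheckRoles(principal) && CheckUsers(principal);
    }

    /// <summary>
    /// True when the Users list is empty or contains the principal's name.
    /// </summary>
    private bool CheckUsers(IPrincipal principal)
    {
        string[] users = UsersSplit;
        if (users.Length == 0) return true;
        //NOTE: This is a case sensitive comparison
        return users.Any(u => string.Equals(principal.Identity.Name, u, StringComparison.Ordinal));
    }

    /// <summary>
    /// True when the Roles list is empty or the principal is in at least one listed role.
    /// </summary>
    private bool CheckRoles(IPrincipal principal)
    {
        string[] roles = RolesSplit;
        if (roles.Length == 0) return true;
        return roles.Any(principal.IsInRole);
    }

    /// <summary>
    /// Decodes the Basic credential parameter, base64("user:password").
    /// </summary>
    /// <returns>{ user, password }, or null when the value is not well-formed.</returns>
    private static string[] ParseAuthorizationHeader(string authHeader)
    {
        byte[] raw;
        try
        {
            raw = Convert.FromBase64String(authHeader);
        }
        catch (FormatException)
        {
            // Malformed base64 is a client error: treat it as "no credentials"
            // (→ 401) instead of letting the exception surface as a 500.
            return null;
        }

        // The user-id part cannot contain ':' but the password can, so split on
        // the first ':' only; splitting on every ':' rejected such passwords.
        string[] credentials = Encoding.UTF8.GetString(raw).Split(new[] { ':' }, 2);
        if (credentials.Length != 2
            || string.IsNullOrEmpty(credentials[0])
            || string.IsNullOrEmpty(credentials[1]))
            return null;
        return credentials;
    }

    /// <summary>The Roles list split on ',' with blanks removed.</summary>
    protected string[] RolesSplit
    {
        get { return SplitStrings(Roles); }
    }

    /// <summary>The Users list split on ',' with blanks removed.</summary>
    protected string[] UsersSplit
    {
        get { return SplitStrings(Users); }
    }

    /// <summary>
    /// Splits a comma-separated list into trimmed, non-empty entries.
    /// </summary>
    /// <param name="input">Comma-separated list; null or blank yields an empty array.</param>
    protected static string[] SplitStrings(string input)
    {
        if (string.IsNullOrWhiteSpace(input)) return new string[0];
        return input.Split(',')
            .Select(s => s.Trim())
            .Where(s => s.Length > 0)
            .ToArray();
    }

    /// <summary>
    /// Implement to include authentication logic and create IPrincipal.
    /// </summary>
    /// <param name="user">User name from the Authorization header.</param>
    /// <param name="password">Password from the Authorization header.</param>
    /// <param name="principal">The authenticated principal, or null on failure.</param>
    /// <returns>true when the credentials are valid.</returns>
    protected abstract bool TryCreatePrincipal(string user, string password,
        out IPrincipal principal);
}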
关于 jQuery ajax：
...
ajax: {
beforeSend: function (jqXhr, settings) {
    // With the server-side change shown in the answer (OnAuthorization accepts the
    // Forms-authentication principal) a logged-in browser session needs no
    // Authorization header: the auth cookie is sent with the request by the browser.
    jqXhr.setRequestHeader("Authorization", ????); //I want set value of my current login here
}
},
...
答案 0（得分：0）
我将 BasicHttpAuthorizeAttribute.OnAuthorization 更改为：
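/// <summary>
/// Authorizes the request either from an already-authenticated principal
/// (the Forms-authentication cookie set by the MVC login) or, when there is
/// none, from an "Authorization: Basic" header.
/// </summary>
/// <exception cref="ArgumentNullException"><paramref name="actionContext"/> is null.</exception>
public override void OnAuthorization(HttpActionContext actionContext)
{
    if (actionContext == null)
        throw Error.ArgumentNull("actionContext");
    if (AuthorizationDisabled(actionContext))
        return;

    // Case that user is authenticated using forms authentication,
    // so no need to check header for basic authentication.
    // HttpContext.Current is null outside IIS hosting, so resolve the
    // principal defensively instead of dereferencing the chain directly.
    var httpContext = HttpContext.Current;
    var currentUser = httpContext != null ? httpContext.User : null;
    if (currentUser != null && currentUser.Identity != null && currentUser.Identity.IsAuthenticated)
    {
        // NOTE: a cookie-authenticated principal is attached by the browser to
        // every request, so Web API actions reached this way need the same
        // anti-forgery protection as the MVC actions; a Basic header is not
        // ambient and does not have that issue.
        if (CheckRoles(currentUser) && CheckUsers(currentUser))
            return;
    }
    else if (AuthorizeRequest(actionContext.ControllerContext.Request)) // Use Basic Auth information
    {
        return;
    }
    HandleUnauthorizedRequest(actionContext);
}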
这样就可以正常工作了。