Web api 302状态重定向

时间:2015-05-14 14:04:14

标签: asp.net-web-api http-status-code-302 form-authentication

我有一个使用AngularJS和WebApi2以及FormAuthentication的项目。 因为我需要从使用会话来存储一些用户变量的WebForms项目中导入一些旧代码,所以我必须在WebApi中实现Session。

在WebConfig中我有:

`

 <authentication mode="Forms">
      <forms loginUrl="/index.html" defaultUrl="/Areas/Modeler/modeler.html" name=".ASPXFORMSAUTH" protection="All" cookieless="UseDeviceProfile" slidingExpiration="true" path="/" domain="" requireSSL="false" timeout="600" enableCrossAppRedirects="false">
      </forms>
</authentication>
<authorization>
        <allow users="*" />
</authorization>
<machineKey validationKey="xxxxx" decryptionKey="xxxxxx" validation="SHA1" />
</system.web>
<location path="Scripts">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>
<location path="~/Authenticate">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

`

我在Global.asax.cs中进行了以下更改以实现Session:

`

public override void Init()
        {
            this.PostAuthenticateRequest += Application_PostAuthorizeRequest;
            base.Init();
        }
protected void Application_Start()
        {
            AreaRegistration.RegisterAllAreas();
            GlobalConfiguration.Configure(WebApiConfig.Register);
            GlobalConfiguration.Configuration.IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.Always;
        }
protected void Application_PostAuthorizeRequest(object sender, EventArgs e)
        {
            var url = HttpContext.Current.Request.AppRelativeCurrentExecutionFilePath;
            var auth = Context.Request.IsAuthenticated;
            HttpContext.Current.SetSessionStateBehavior(SessionStateBehavior.Required);
        }`

用户输入他的姓名和密码后,我会调用post方法〜/ Authenticate / Login。

在Chrome浏览器网络标签中,我可以看到下面两行: 登录方法:POST,状态302 登录方法GET,状态405 第一次打电话:

Remote Address:[::1]:52966 Request URL:http://localhost:52966/Authenticate/Login Request Method:POST Status Code:302 Found Response Headers view source Content-Length:166 Date:Thu, 14 May 2015 13:11:24 GMT Location:/(S(tdd41h23pms5lllzyro1hltq))/Authenticate/Login Server:Microsoft-IIS/8.0 X-Powered-By:ASP.NET X-SourceFiles:=?UTF-8?B?RDpcUHJvamVjdH..............=?= Request Headers view source Accept:application/json, text/plain, */* Accept-Encoding:gzip, deflate Accept-Language:en-US,en;q=0.8,ro;q=0.6 Connection:keep-alive Content-Length:44 Content-Type:application/json;charset=UTF-8 Cookie:PHPSESSID=d5djbkgs7ttui073jl04mg6st3; __AntiXsrfToken=97b6e321343944a89ade4acc098305bd; ASP.NET_SessionId=2ggakcj1qxtewgsrh5qvtw40; _session_id=BAh7B0kiD3Nlc3Npb25faW....; .AspNet.ApplicationCookie=GcQUqnFHbPaX...; UserPassword=password; UserName=admin; .ASPXFORMSAUTH=7B15EE3DE... DNT:1 Host:localhost:52966 Origin:http://localhost:52966 Referer:http://localhost:52966/index.html User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Request Payload view source {userName: "admin", userPassword: "password"}

问题是:为什么重定向调用Login? 在Global.ascx.cs的方法Application_PostAuthorizeRequest中,检查Context.Request.IsAuthenticated并为true。

1 个答案:

答案 0 :(得分:1)

重定向来自配置。您已配置loginUrl和defaultUrl。这是用户将在身份验证之前和之后分别发送的地方。

相关问题
最新问题