我正在使用C#和.NET Framework 4.5.1中的Web Api服务开发ASP.NET MVC 5应用程序。
我在<authentication mode="Windows" />上启用了Web.config并在ASP.NET MVC控制器上添加了以下内容:
[Authorize(Roles = @"MyDomain\MyRole")]
public class ReportController : Controller
但我不需要ApiController上的Windows身份验证。如何启用对ApiController s的匿名访问?
答案 0 :(得分:2)
要为webapi执行此操作,您可以在Web.Config中使用以下内容
font-size: 1em这就是说对于api控制器,允许任何用户(用?表示)。如果你想做特定的控制器,可能值得更改一下。
它还假设您拒绝访问所有匿名用户,并且您的web.config身份验证就像这样
<Location "/something">
Header add Pragma "must-revalidate no-cache"
Header add X-RequestTime "%t %D"
ExpiresActive on
ExpiresDefault "now"
AuthName "Something"
AuthType Basic
AuthUserFile "L:\Docs\mgrpass.txt" #does not take usernames and passwords
#from there anymore. Takes them from database instead.
Order allow,deny
Allow from all
SetEnv ERR_MAIL "sysadmin@mywebsite.com"
SetEnv SCHEMA "manager"
SetEnv AUTHTYPE "manager"
AuthBasicProvider socache dbd
AuthnCacheProvideFor dbd
AuthnCacheContext myServer
# Here should be some hash config to convert local password
# to md5 encrypted one... Help please :(
Require valid-user
AuthDBDUserPWQuery "SELECT parool as password FROM _usr WHERE email = %s"
SetEnv "FORMAT" "json"
php_flag pgsql.log_notice off
php_flag magic_quotes_gpc off
php_flag output_buffering off
php_admin_flag safe_mode_gid on
Header add X-Timing "%D microseconds"
</Location>
但是如果你想在MVC控制器上允许它,你可以使用 [AllowAnonymous] 属性。
Disable Windows Authentication for WebAPI
Windows Authentication for ASP.NET MVC 4 - how it works, how to test it
补充阅读: