授权标头为空

时间:2015-06-17 10:16:57

标签: c# asp.net asp.net-mvc asp.net-mvc-4 asp.net-web-api

基本身份验证模块

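/// <summary>
/// HTTP module that reads an HTTP Basic "Authorization" header on each request and,
/// when the credentials are accepted, sets the principal on the current thread and
/// on <c>HttpContext.Current</c>.
/// </summary>
/// <remarks>
/// Basic credentials are only base64-encoded, not encrypted, so this scheme should be
/// served over TLS only. The header is attacker-controlled input: every parsing step
/// below fails closed (request stays unauthenticated) instead of throwing.
/// </remarks>
public class BasicAuthHttpModule : IHttpModule
{
    // Realm advertised in the WWW-Authenticate challenge.
    private const string Realm = "AngularWebAPI";

    /// <summary>
    /// Subscribes the module to the AuthenticateRequest and EndRequest events.
    /// </summary>
    /// <param name="context">The application whose events are hooked.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += OnApplicationAuthenticateRequest;
        context.EndRequest += OnApplicationEndRequest;
    }

    /// <summary>
    /// Stores the principal on the current thread and, when a request context exists,
    /// on <c>HttpContext.Current.User</c>.
    /// </summary>
    private static void SetPrincipal(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
    }

    /// <summary>
    /// Decodes a base64 "username:password" token and, if it is accepted, sets the principal.
    /// </summary>
    /// <param name="credentials">The parameter part of the Basic Authorization header.</param>
    /// <returns>
    /// <c>true</c> when the credentials were accepted; <c>false</c> when they were rejected
    /// or the token is malformed (invalid base64, or no ':' separator).
    /// </returns>
    private static bool AuthenticateUser(string credentials)
    {
        string decoded;
        try
        {
            var encoding = Encoding.GetEncoding("iso-8859-1");
            decoded = encoding.GetString(Convert.FromBase64String(credentials));
        }
        catch (FormatException)
        {
            // Malformed base64 from the client is a failed login, not a server error.
            return false;
        }

        // Split on the FIRST colon only: the password may itself contain ':'.
        // Splitting on every colon would silently drop everything after the second one,
        // so "user:pass:anything" would be checked as "user" / "pass".
        var separatorIndex = decoded.IndexOf(':');
        if (separatorIndex < 0)
        {
            return false;
        }

        var username = decoded.Substring(0, separatorIndex);
        var password = decoded.Substring(separatorIndex + 1);

        /* REPLACE THIS WITH REAL AUTHENTICATION
        ----------------------------------------------
        NOTE(review): the hard-coded pair below is a placeholder and must not be deployed.
        A real check should verify against a salted password hash from a credential store
        and compare in constant time. */
        if (!(username == "test" && password == "test"))
        {
            return false;
        }

        var identity = new GenericIdentity(username);
        SetPrincipal(new GenericPrincipal(identity, null));

        return true;
    }

    /// <summary>
    /// AuthenticateRequest handler: parses the Authorization header and attempts Basic
    /// authentication. A missing, malformed or non-Basic header leaves the request
    /// unauthenticated.
    /// </summary>
    private static void OnApplicationAuthenticateRequest(object sender, EventArgs e)
    {
        var request = HttpContext.Current.Request;
        var authHeader = request.Headers["Authorization"];
        if (authHeader == null)
        {
            return;
        }

        // TryParse instead of Parse: a syntactically invalid header must not raise
        // FormatException and turn an unauthenticated request into a 500.
        AuthenticationHeaderValue authHeaderVal;
        if (!AuthenticationHeaderValue.TryParse(authHeader, out authHeaderVal))
        {
            return;
        }

        // RFC 2617 sec 1.2, "scheme" name is case-insensitive
        if (authHeaderVal.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && authHeaderVal.Parameter != null)
        {
            AuthenticateUser(authHeaderVal.Parameter);
        }
    }

    /// <summary>
    /// EndRequest handler: if the response status is 401, adds the WWW-Authenticate
    /// challenge header with the configured realm.
    /// </summary>
    private static void OnApplicationEndRequest(object sender, EventArgs e)
    {
        var response = HttpContext.Current.Response;
        if (response.StatusCode == 401)
        {
            response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", Realm));
        }
    }

    /// <summary>
    /// Nothing to release; the module holds no resources.
    /// </summary>
    public void Dispose()
    {
    }
}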

Api控制器

/// <summary>
/// Web API controller with [Authorize] applied at class level, so the attribute
/// covers every action defined here.
/// </summary>
[Authorize]
public class SecureDataController : ApiController
{
    /// <summary>
    /// Returns a fixed message wrapped in an Ok(...) result.
    /// </summary>
    public IHttpActionResult Get()
    {
        var payload = new { secureData = "You have to be authenticated to access this!" };
        return Ok(payload);
    }
}

HttpActionContext.Request.Headers.Authorization始终为null。

对此有何想法?

谢谢,

0 个答案:

没有答案