我正在尝试使用Web调用rest api创建SOA但我有授权问题。 AuthenticateUser可以作为用户和密码进行“测试”,但在OnApplicationEndRequest中仍然会返回401。我错过了什么?
请询问任何额外信息,我会尽力而为。
使用IIS Express
ApiController
[Authorize]
public class BookController : ApiController
{
public object Get()
{
return "";
}
}
REST - 验证模块
namespace REST.Modules
{
public class BasicAuthHttpModule : IHttpModule
{
private const string Realm = "XX WebAPI";
public void Init(HttpApplication context)
{
// Register event handlers
context.AuthenticateRequest += OnApplicationAuthenticateRequest;
context.EndRequest += OnApplicationEndRequest;
}
private static void SetPrincipal(IPrincipal principal)
{
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
}
private static bool AuthenticateUser(string credentials)
{
var encoding = Encoding.GetEncoding("iso-8859-1");
credentials = encoding.GetString(Convert.FromBase64String(credentials));
var credentialsArray = credentials.Split(':');
var username = credentialsArray[0];
var password = credentialsArray[1];
if (!(username == "test" && password == "test"))
{
return false;
}
var identity = new GenericIdentity(username);
SetPrincipal(new GenericPrincipal(identity, null));
return true;
}
private static void OnApplicationAuthenticateRequest(object sender, EventArgs e)
{
var request = HttpContext.Current.Request;
var authHeader = request.Headers["Authorization"];
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);
// RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && authHeaderVal.Parameter != null)
{
AuthenticateUser(authHeaderVal.Parameter);
}
}
}
// If the request was unauthorized, add the WWW-Authenticate header
// to the response.
private static void OnApplicationEndRequest(object sender, EventArgs e)
{
var response = HttpContext.Current.Response;
if (response.StatusCode == 401)
{
response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", Realm));
}
}
public void Dispose()
{
}
}
}
网络
readonly static string baseUri = "http://localhost:XXXX/api/book/";
public static void GetBookList()
{
string uri = baseUri;
using (HttpClient httpClient = new HttpClient(new HttpClientHandler { Credentials = new NetworkCredential("test", "test") }))
{
Task<HttpResponseMessage> response = httpClient.PostAsJsonAsync(uri, data);
var x = response.Result.Content.ReadAsAsync<object>().Result.ToJson();
}
}
对ApplicationHost.config
<authentication>
<anonymousAuthentication enabled="false" userName="" />
<basicAuthentication enabled="true" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="true">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
<authorization>
<add accessType="Allow" users="*" />
</authorization>
ApplicationUserManager
public static ApplicationUserManager Create(IdentityFactoryOptions<ApplicationUserManager> options, IOwinContext context)
{
var manager = new ApplicationUserManager(new UserStore<ApplicationUser>(context.Get<ApplicationDbContext>()));
// Configure validation logic for usernames
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
AllowOnlyAlphanumericUserNames = false,
RequireUniqueEmail = true
};
// Configure validation logic for passwords
manager.PasswordValidator = new PasswordValidator
{
RequiredLength = 6,
RequireNonLetterOrDigit = true,
RequireDigit = true,
RequireLowercase = true,
RequireUppercase = true,
};
var dataProtectionProvider = options.DataProtectionProvider;
if (dataProtectionProvider != null)
{
manager.UserTokenProvider = new DataProtectorTokenProvider<ApplicationUser>(dataProtectionProvider.Create("ASP.NET Identity"));
}
return manager;
}
答案 0 :(得分:0)
您似乎没有为测试用户创建身份,您立即返回false,因此如果您想要测试@test帐户(您应该非常小心不要离开进行生产),那么您需要在这种情况下也要创造身份。
由于您拥有[授权]属性,因此缺少标识会导致ASP.NET生成401。
答案 1 :(得分:0)
您需要从ApplicationUser对象
创建一个Identityprivate async Task SignInAsync(ApplicationUser user, bool isPersistent)
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie);
var identity = await pApplicationUserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties() { IsPersistent = isPersistent }, identity);
}
答案 2 :(得分:0)
两件事:
您需要为用户分配角色。空角色与无角色不同。
private static bool AuthenticateUser(string credentials)
{
var encoding = Encoding.GetEncoding("iso-8859-1");
credentials = encoding.GetString(Convert.FromBase64String(credentials));
var credentialsArray = credentials.Split(':');
var username = credentialsArray[0];
var password = credentialsArray[1];
if (!(username == "test" && password == "test"))
{
return false;
}
var identity = new GenericIdentity(username);
//0 roles not null roles
SetPrincipal(new GenericPrincipal(identity, string[]{}));
return true;
}
private static void OnApplicationAuthenticateRequest(object sender, EventArgs e)
{
var request = HttpContext.Current.Request;
var authHeader = request.Headers["Authorization"];
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);
// RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && authHeaderVal.Parameter != null)
{
bool userIsAuthenticated =AuthenticateUser(authHeaderVal.Parameter);
//If not authenticated then user is not Authorized.
if (!userIsAuthenticated){
addUnauthorizedHeader()
}
}
}
}
private static void addUnauthorizedHeader(){
response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", Realm));
}