我有一个Console App和一个Web API 2项目,它们都在同一台服务器上运行。我设置了我的控制台应用程序,在模拟域帐户时使用HttpClient在我的Web API中调用RESTful端点。
Console.WriteLine("Setting up impersonator.");
using (new Impersonator(accountUsername, accountDomain, accountPwd))
{
Console.WriteLine("Impersonator set up.");
HttpClientHandler handler = new HttpClientHandler();
handler.UseDefaultCredentials = true;
Console.WriteLine("Executing as: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name);
using (var client = new HttpClient(handler))
{
client.BaseAddress = new Uri(serviceBaseUrl);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage response = await client.GetAsync("api/resource/3/");
Console.WriteLine(response.ToString());
if (response.IsSuccessStatusCode)
{
result = await response.Content.ReadAsAsync<ResourceType>();
}
}
if (result != null)
{
// Do something...
}
}
我认为实际端点与此问题无关,因为Http请求从未实现过这一点(即使没有任何授权属性)。当我在本地运行这两个项目时,Console App在拨打电话时成功。但是,当我在服务器上运行它时,控制台应用程序会收到未经授权的401。我在我的Web API管道中添加了一些日志记录来记录HttpContext.Current.User信息。
protected void Application_BeginRequest()
{
var currentContext = HttpContext.Current;
ILogHelper _logger = new LogHelper("System");
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "BeginRequest System Principal Name: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name);
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "BeginRequest Is User Null? " + (currentContext.User == null? "YES":"NO"));
if (currentContext.User != null)
{
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "BeginRequest User: " + currentContext.User.Identity.Name);
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "BeginRequest User Authenticated: " + currentContext.User.Identity.IsAuthenticated.ToString());
}
}
protected void Application_AuthenticateRequest()
{
var currentContext = HttpContext.Current;
ILogHelper _logger = new LogHelper("System");
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthenticateRequest System Principal Name: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name);
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthenticateRequest Is User Null? " + (currentContext.User == null ? "YES" : "NO"));
if (currentContext.User != null)
{
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthenticateRequest User: " + currentContext.User.Identity.Name);
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthenticateRequest User Authenticated: " + currentContext.User.Identity.IsAuthenticated.ToString());
}
}
protected void Application_AuthorizeRequest()
{
var currentContext = HttpContext.Current;
ILogHelper _logger = new LogHelper("System");
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthorizeRequest System Principal Name: " + System.Security.Principal.WindowsIdentity.GetCurrent().Name);
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthorizeRequest Is User Null? " + (currentContext.User == null ? "YES" : "NO"));
if (currentContext.User != null)
{
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthorizeRequest User: " + currentContext.User.Identity.Name);
_logger.LogLine(NLog.LogLevel.Info, LogHelper.Tier.Business, "AuthorizeRequest User Authenticated: " + currentContext.User.Identity.IsAuthenticated.ToString());
}
}
在本地运行时,模拟用户将登录“AuthenticateRequest”和“AuthorizeRequest”。但是,当在服务器上运行时,用户在整个管道中都是空的。
我在IIS中启用了Windows身份验证和模拟(其他一切都已禁用)。我已经工作了40多个小时,觉得我没有取得任何进展。对这个问题的任何帮助都是巨大的!
答案 0 :(得分:1)
从这个SO question,我确定它实际上是一个FQDN问题。要修复&#34;,我只需要更改&#34; servername.com/service /"我的Web.config中的基本URL与&#34; localhost / service /&#34;。一旦我这样做,它就完美无缺。我不喜欢使用localhost作为URL,但我无法编辑服务器注册表值,因此fix provided by Microsoft对我不起作用。
此外,事实证明我在IIS中的Web API网站上不需要启用模拟。现在,我只启用了Windows身份验证。