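Unauthorized GET request to a .NET Core RESTful Web API

Time: 2016-09-29 14:13:38

Tags: c# rest api asp.net-core .net-core

Yesterday I wrote a simple RESTful Web API in .NET Core (the solution is named Vault) with a single method that just gets a user's profile based on the Windows user name. I now have a second solution that makes some requests to the self-hosted service I mentioned earlier. When I use Postman, I can easily retrieve the data when I call GET on my only method in Vault, but when I build the URI in Mainframe and execute it, I get an Unauthorized error, which confuses me because Vault does not require a specific username and password login. I also set a breakpoint in Vault and, unlike when I use Postman, it does not reach my code when called through the Mainframe solution.

Here is where I build my REST request and call the service (GetProfile()):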

public VaultApiClient(ConfigurationManagerWrap configuration)
{
    this.configuration = configuration;

    this.client = new RestClient(new Uri(this.configuration.GetAppSetting<string>(ConfigurationKeys.VaultApiURL)));
}

/// <summary>
/// The get profile.
/// </summary>
/// <returns>
/// The <see cref="UserProfile"/>.
/// </returns>
public UserProfile GetProfile()
{
    var request = new RestRequest("profile") { Method = Method.GET};
    //request.AddParameter("profile", ParameterType.UrlSegment);

    var response = this.client.Execute(request);

    if (response.StatusCode != HttpStatusCode.OK)
    {
        throw new Exception(
            $"Could not get the user profile ({response.StatusCode} {response.StatusDescription})");
    }

    return RestJsonSerializer.Default.Deserialize<UserProfile>(response);
}

I am hosting locally, so the base URI, i.e. ConfigurationKeys.VaultApiURL, is localhost:5000/api/

My host controller:

public HomeController()
    : this(new VaultApiClient(new ConfigurationManagerWrap()))
{
}

/// <summary>
/// Initializes a new instance of the <see cref="HomeController"/> class.
/// </summary>
/// <param name="vaultApiClient">
/// The vault api client.
/// </param>
public HomeController(IVaultApiClient vaultApiClient)
{
    this.vaultApiClient = vaultApiClient;
}

/// <summary>
/// The index.
/// </summary>
/// <returns>
/// The <see cref="ActionResult"/>.
/// </returns>
public ActionResult Index()
{
    var profile = this.GetProfile();

    this.ViewBag.IsEdit = false;
    this.ViewBag.IsError = false;
    this.ViewBag.ErrorMessage = "";

    if (this.TempData.ContainsKey("IsEdit"))
    {
        this.ViewBag.IsEdit = true;
        this.TempData.Remove("IsEdit");

        if (this.TempData.ContainsKey("ErrorMessage"))
        {
            this.ViewBag.IsError = true;
            this.ViewBag.ErrorMessage = this.TempData["ErrorMessage"];
            this.TempData.Remove("ErrorMessage");
        }
    }

    return this.View("Index", profile);
}

private UserProfile GetProfile()
{
    return this.vaultApiClient.GetProfile();
}

Here is the Vault controller method that handles the GET request in question:

[HttpGet]
[Route("/api/Profile")]
[Produces(typeof(UserProfile))]
public IActionResult SearchProfile()
{
    try
    {
        if (!this.currentuser.IsAuthenticated)
        {
            throw new Exception("This service does not support anonymous calls.");
        }

        var profile = Task.Run(() => this.personalizationService.GetUserProfileAsync(this.currentuser.GetCurrentWindowsIdentityName)).Result;

        var userProfile = this.persistenceToDataModelConverter.Convert(profile);
        userProfile.UserAdLogin = this.currentuser.GetCurrentWindowsIdentityName;

        return this.Ok(userProfile);
    }
    catch (Exception ex)
    {
        return this.NotFound(ex);
    }
}

Finally, here are some pictures from before and after the error is thrown.

[Images: What the client holds; What the request holds; The error]

1 answer:

Answer 0: (score: 1)

The client request must supply credential information in order to authenticate with the server.
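
One way to check this from the calling side, as an added example that is not part of the original question or answer: a small console probe that calls the same `profile` resource once anonymously and once with the caller's Windows credentials, and reports which authentication schemes the server offers on a 401. It assumes the RestSharp 105/106-era API seen in the question, that Vault uses Windows authentication (suggested by its use of the Windows identity name), and an `http` scheme for the base URI; `VaultProfileProbe`, `GetProfile` and `Describe` are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Net;
using RestSharp;

// Added example; class and method names are hypothetical.
public static class VaultProfileProbe
{
    // Issues GET {baseUri}profile, optionally attaching the Windows
    // credentials of the account this process runs as.
    public static IRestResponse GetProfile(Uri baseUri, bool sendWindowsCredentials)
    {
        var client = new RestClient(baseUri);
        var request = new RestRequest("profile", Method.GET)
        {
            // Off by default: unless this is set (or an authenticator is
            // configured), RestSharp sends the request without credentials.
            UseDefaultCredentials = sendWindowsCredentials
        };
        return client.Execute(request);
    }

    // Summarises the outcome; for a 401 it lists the WWW-Authenticate
    // challenges so the expected scheme (e.g. Negotiate, NTLM) is visible.
    public static string Describe(IRestResponse response)
    {
        if (response.StatusCode != HttpStatusCode.Unauthorized)
        {
            return $"{(int)response.StatusCode} {response.StatusDescription}";
        }

        var schemes = response.Headers
            .Where(h => string.Equals(h.Name, "WWW-Authenticate", StringComparison.OrdinalIgnoreCase))
            .Select(h => Convert.ToString(h.Value));
        return "401 Unauthorized; server offers: " + string.Join(", ", schemes);
    }

    public static void Main()
    {
        // Base URI from the question; the http scheme is an assumption.
        var baseUri = new Uri("http://localhost:5000/api/");

        Console.WriteLine("anonymous:           " + Describe(GetProfile(baseUri, false)));
        Console.WriteLine("default credentials: " + Describe(GetProfile(baseUri, true)));
    }
}
```

With default credentials, Vault sees the account the calling process runs as; inside a web application that is the application pool or service identity, not the user browsing the site, so the profile returned is that account's unless the caller impersonates or delegates the end user.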