'访问被拒绝'在具有安全授权的Web API上

时间:2017-01-23 11:00:11

标签: c# asp.net-mvc-4 asp.net-web-api authorization

我尝试使用身份验证创建虚拟网络API

通过以下链接:YouTube Video Tutorial Link

控制器代码: 

MySecurityClient msc = new MySecurityClient();
ViewBag.result1 = msc.Demo()==null ?"Access Denied": msc.Demo();
return View();

在模型中: 

public class MySecurityClient
{
    private string BASE_URL = "http://localhost:3513/api/MySecurity/";
    private object convert;

    public string Demo()
    {
        try
        {
            HttpClient Client = new HttpClient();
            var authInfo = Convert.ToBase64String(Encoding.Default.GetBytes("acc1:123"));
            Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authInfo);
            Client.BaseAddress = new Uri(BASE_URL);
            HttpResponseMessage response = Client.GetAsync("Work2").Result;
            if (response.IsSuccessStatusCode)
                return response.Content.ReadAsStringAsync().Result;
            return null;
        }
        catch (Exception ex)
        {
            return null;   
        }
    }
}

服务器控制器: 

[HttpGet]
[Route("Work2")]
[MyAuthorize(Roles="SuperAdmin")]
public string Work2()
{
    return "Work2";
}

授权覆盖: 

public override void OnAuthorization(HttpActionContext actionContext)
{
    try
    {
        AuthenticationHeaderValue authValue = actionContext.Request.Headers.Authorization;
        if (authValue != null && !string.IsNullOrWhiteSpace(authValue.Parameter) 
            && authValue.Scheme == BasicAuthResponseHeaderValue)
        {
            Credential parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
            var MyPrincipal = new MyPrincipal(parsedCredentials.UserName);
            if (!MyPrincipal.IsInRole(Roles))
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                actionContext.Response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK);
                actionContext.Response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
                //return;
            }
        }
    }
    catch (Exception ex)
    {
        actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK);
        actionContext.Response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
    }
}

response.IsSuccessStatusCode是真的,

但如果我们使用ViewBag.result1

,则return response.Content.ReadAsAsync<string>().Result;为空

并在return response.Content.ReadAsAsync<string>().Result;

上拒绝访问

提前致谢

0 个答案:

没有答案
相关问题
最新问题