我无法在 WCF 数据服务上运行 BasicAuthentication 模块,请求返回"HTTP 错误 500.19 - 内部服务器错误",
错误页的"配置源"指向 <add name="BasicAuthenticationModule" 这一行。
我是按照 blogs.msdn.microsoft 上的主题编写这段身份验证代码的,并且已经在 IIS 的本地项目配置和全局配置中启用了基本身份验证(Basic Authentication)。
Web.config:
<!-- Module list for the site. runAllManagedModulesForAllRequests="true" asks IIS to run
     managed modules for every request, not only for requests mapped to managed handlers. -->
<modules runAllManagedModulesForAllRequests="true">
<!-- Registers the custom Basic authentication IHttpModule. The type value names
     Service.BasicAuthenticationModule without an assembly.
     NOTE(review): the reported HTTP 500.19 points at this entry; confirm that the
     namespace and class name match the compiled module and that this section is
     allowed to be edited at this configuration level. -->
<add name="BasicAuthenticationModule"
type="Service.BasicAuthenticationModule"/>
<!-- The Application Insights module is removed and then added again under the same name;
     presumably this avoids a clash with an entry of that name inherited from a parent
     configuration (verify). -->
<remove name="ApplicationInsightsWebTracking" />
<add name="ApplicationInsightsWebTracking"
type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule,
Microsoft.AI.Web" preCondition="managedHandler" />
</modules>
模块和AuthenticationProvider
/// <summary>
/// HTTP module that runs <see cref="BasicAuthenticationProvider.Authenticate"/> on every
/// request reaching the AuthenticateRequest stage and answers with a 401 Basic challenge
/// when the provider rejects the request.
/// </summary>
public class BasicAuthenticationModule : IHttpModule
{
    /// <summary>
    /// Subscribes the module to the application's AuthenticateRequest event.
    /// </summary>
    /// <param name="context">The application instance the module is attached to.</param>
    public void Init(HttpApplication context)
    {
        context.AuthenticateRequest += context_AuthenticateRequest;
    }

    /// <summary>
    /// Asks the provider to authenticate the current request; on failure sends the
    /// Basic challenge and ends the request.
    /// </summary>
    /// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
    /// <param name="e">Unused event data.</param>
    void context_AuthenticateRequest(object sender, EventArgs e)
    {
        // The event sender is the application instance; cast it back to reach the context.
        var app = (HttpApplication)sender;

        bool authenticated = BasicAuthenticationProvider.Authenticate(app.Context);
        if (authenticated)
        {
            return;
        }

        // Rejected: challenge the client. Every request without accepted credentials ends
        // here, because the provider returns false when the header is missing as well.
        // NOTE(review): the challenge carries no realm parameter; RFC 7617 lists realm as
        // required, so consider adding one.
        var response = app.Context.Response;
        response.Status = "401 Unauthorized";
        response.StatusCode = 401;
        response.AddHeader("WWW-Authenticate", "Basic");

        // Skip the remaining pipeline events and go straight to EndRequest.
        app.CompleteRequest();
    }

    /// <summary>
    /// Nothing to release; the module holds no resources.
    /// </summary>
    public void Dispose()
    {
    }
}
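/// <summary>
/// Validates the credentials carried in an HTTP Basic Authorization header and, when they
/// are accepted, attaches the matching principal to the request.
/// </summary>
public class BasicAuthenticationProvider
{
    /// <summary>
    /// Authenticates the request from its Authorization header.
    /// </summary>
    /// <param name="context">
    /// The request context. When null, <see cref="HttpContext.Current"/> is used instead,
    /// which is what the original implementation always read.
    /// </param>
    /// <returns>
    /// true when the header holds accepted Basic credentials (the context's User is then
    /// set); false when the header is missing, malformed or the credentials are rejected.
    /// </returns>
    public static bool Authenticate(HttpContext context)
    {
        // Use the context the caller passed in rather than ignoring the parameter.
        HttpContext current = context ?? HttpContext.Current;
        if (current == null)
            return false;

        // NOTE(review): Basic credentials are only Base64-encoded, not encrypted, so they
        // are readable on the network path unless the connection uses TLS. The check below
        // is left disabled as in the original sample; enable it before the service is
        // reachable from anything other than a development machine.
        //if (!current.Request.IsSecureConnection)
        //    return false;

        // A missing header needs no separate check: ParseAuthHeader returns null for it
        // and the request is rejected.
        string authHeader = current.Request.Headers["Authorization"];

        IPrincipal principal;
        if (TryGetPrincipal(authHeader, out principal))
        {
            current.User = principal;
            return true;
        }
        return false;
    }

    /// <summary>
    /// Extracts the user name and password from a Basic Authorization header value.
    /// </summary>
    /// <param name="authHeader">Raw header value; may be null or empty.</param>
    /// <returns>
    /// A two-element array { userName, password }, or null when the header is absent,
    /// uses another scheme, is not valid Base64, or lacks a non-empty name or password.
    /// </returns>
    private static string[] ParseAuthHeader(string authHeader)
    {
        // Require the scheme token followed by a space. Matching only "Basic" let the
        // Substring call throw on a bare "Basic" header and accepted longer scheme names.
        const string schemePrefix = "Basic ";
        if (string.IsNullOrEmpty(authHeader) ||
            !authHeader.StartsWith(schemePrefix, StringComparison.OrdinalIgnoreCase))
            return null;

        string base64Credentials = authHeader.Substring(schemePrefix.Length).Trim();

        // The header is attacker-controlled: malformed Base64 must be a rejected login,
        // not an unhandled exception that surfaces as a server error.
        byte[] decoded;
        try
        {
            decoded = Convert.FromBase64String(base64Credentials);
        }
        catch (FormatException)
        {
            return null;
        }

        // Split on the first ':' only, so a password that itself contains ':' stays intact.
        // Decoding stays ASCII as in the original; non-ASCII bytes do not round-trip.
        string[] credentials = Encoding.ASCII.GetString(decoded).Split(new char[] { ':' }, 2);

        // Both parts must be present (the original tested the user name twice and never
        // looked at the password).
        if (credentials.Length != 2 ||
            string.IsNullOrEmpty(credentials[0]) ||
            string.IsNullOrEmpty(credentials[1]))
            return null;

        return credentials;
    }

    /// <summary>
    /// Parses the header and resolves the principal for the credentials it carries.
    /// </summary>
    /// <param name="authHeader">Raw Authorization header value; may be null.</param>
    /// <param name="principal">The resolved principal, or null on failure.</param>
    /// <returns>true when the credentials were parsed and accepted.</returns>
    private static bool TryGetPrincipal(string authHeader, out IPrincipal principal)
    {
        string[] creds = ParseAuthHeader(authHeader);
        if (creds != null && TryGetPrincipal(creds, out principal))
            return true;

        principal = null;
        return false;
    }

    /// <summary>
    /// Maps a user name / password pair to a principal with its roles.
    /// </summary>
    /// <param name="creds">Two-element array { userName, password }.</param>
    /// <param name="principal">The principal for the account, or null when rejected.</param>
    /// <returns>true when the pair matches one of the known accounts.</returns>
    private static bool TryGetPrincipal(string[] creds, out IPrincipal principal)
    {
        principal = null;
        if (creds == null || creds.Length != 2)
            return false;

        // NOTE(review): the accounts below are the sample's hard-coded placeholders.
        // Credentials compiled into the assembly can be read by anyone with the binary or
        // the source; replace this with a lookup against a store of salted password hashes.
        if (string.Equals(creds[0], "Administrator", StringComparison.Ordinal) &&
            FixedTimeEquals(creds[1], "SecurePassword"))
        {
            principal = new GenericPrincipal(
                new GenericIdentity("Administrator"),
                new string[] { "Administrator", "User" });
            return true;
        }

        if (string.Equals(creds[0], "JoeBlogs", StringComparison.Ordinal) &&
            FixedTimeEquals(creds[1], "Password"))
        {
            principal = new GenericPrincipal(
                new GenericIdentity("JoeBlogs"),
                new string[] { "User" });
            return true;
        }

        return false;
    }

    /// <summary>
    /// Compares a supplied secret with the expected one without stopping at the first
    /// differing character (best effort; the loop length follows the supplied value).
    /// </summary>
    /// <param name="supplied">Value received from the client.</param>
    /// <param name="expected">Value it must equal.</param>
    /// <returns>true when both strings are non-null and identical.</returns>
    private static bool FixedTimeEquals(string supplied, string expected)
    {
        if (supplied == null || expected == null)
            return false;

        // A length mismatch already makes the result non-zero; the loop still runs so the
        // work done does not depend on where the first difference is.
        int difference = supplied.Length ^ expected.Length;
        for (int i = 0; i < supplied.Length; i++)
        {
            char reference = expected.Length == 0 ? '\0' : expected[i % expected.Length];
            difference |= supplied[i] ^ reference;
        }
        return difference == 0;
    }
}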