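When I deploy my WebAPI project on IIS 8 and test it with Postman, it gives me the error "HTTP Error 401.2 - Unauthorized: You are not authorized to view this page due to invalid authentication headers.
More information: This error occurs when the WWW-Authenticate header sent to the Web server is not supported by the server configuration. Check the authentication method for the resource, and verify which authentication method the client used. The error occurs when the authentication methods are different. To determine which type of authentication the client is using, check the authentication settings for the client."
It works fine locally.
My Web.Config contents are: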
<configuration>
  <appSettings>
    <add key="WhiteListedIPAddresses" value="::1,192.168.9.175,192.168.9.234"/> <!-- Example "::1,192.168.9.234" -->
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.5.1" />
    <httpRuntime targetFramework="4.5.1" />
    <customErrors mode="Off"/>
    <!--<authentication mode="Windows" /> -->
  </system.web>
  <system.webServer>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
      <remove name="OPTIONSVerbHandler" />
      <remove name="TRACEVerbHandler" />
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
    </handlers>
  </system.webServer>
  <connectionStrings>
    <!--<add name="myConnectionString" connectionString="Provider=ASAProv.80; Trusted_Connection=True;Data Source=softwrench;Persist Security Info=True;commlinks=TCPIP;" /> -->
    <add name="myConnectionString" connectionString="Provider=ASAProv.80; Trusted_Connection=True;Data Source=Corporate;Persist Security Info=True;commlinks=TCPIP;" />
  </connectionStrings>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>
Basic authentication code:
using System;
using System.Configuration;
using System.Data;
using System.Data.OleDb;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

namespace WebApiSampleProject
{
    public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
    {
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            string connStr = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;
            string sql;
            OleDbConnection conn;
            OleDbDataReader rdr;
            OleDbCommand cmd;

            var authHeader = actionContext.Request.Headers.Authorization;
            // Only process "Basic" credentials that actually carry a parameter.
            if (authHeader != null
                && string.Equals(authHeader.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
                && !string.IsNullOrEmpty(authHeader.Parameter))
            {
                string decodedAuthenticationToken;
                try
                {
                    decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authHeader.Parameter));
                }
                catch (FormatException)
                {
                    // Malformed Base64 is a failed authentication, not a server error.
                    HandleUnathorized(actionContext);
                    return;
                }

                // Split on the first ':' only, so that passwords may contain colons.
                var usernamePasswordArray = decodedAuthenticationToken.Split(new[] { ':' }, 2);
                if (usernamePasswordArray.Length != 2)
                {
                    HandleUnathorized(actionContext);
                    return;
                }
                var userName = usernamePasswordArray[0];
                var password = usernamePasswordArray[1];

                // Look up the user with a parameterized query.
                conn = new OleDbConnection(connStr);
                conn.Open();
                sql = "SELECT ucode, upassword FROM user_list where ucode = ?";
                cmd = new OleDbCommand(sql, conn);
                OleDbParameter usercode = cmd.Parameters.Add("?", OleDbType.VarChar, 15);
                usercode.Value = userName;
                cmd.CommandType = CommandType.Text;
                rdr = cmd.ExecuteReader();
                var userid = "";
                var passcode = "";
                var found = false;
                if (rdr.HasRows)
                {
                    while (rdr.Read())
                    {
                        userid = rdr["ucode"].ToString();
                        passcode = rdr["upassword"].ToString();
                        found = true;
                    }
                }
                else
                {
                    Console.WriteLine("No rows found.");
                }
                rdr.Close();
                conn.Close();

                // Require that a row was found: without this, an empty user name and
                // password would compare equal to the empty defaults above.
                // The password is compared with the value stored in user_list as-is.
                var isValid = found && userName == userid && password == passcode;

                if (isValid)
                {
                    var principal = new GenericPrincipal(new GenericIdentity(userName), null);
                    Thread.CurrentPrincipal = principal;
                    //actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,"User " + userName + " successfully authenticated");
                    return;
                }
            }
            HandleUnathorized(actionContext);
        }

        // Reject the request with 401 and a Basic challenge.
        private static void HandleUnathorized(HttpActionContext actionContext)
        {
            //var host = actionContext.Request.RequestUri.DnsSafeHost;
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "Username or Password is Incorrect" );
            actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='Data' location = 'http://192.168.9.234:");
        }
    }
}
Basic authentication is registered in WebApiConfig as:
config.Filters.Add(new BasicAuthenticationAttribute());
I passed the username and password under Basic Auth using the Postman client, along with the JSON request body.
Answer 0 (score: 0)
I set
to
<section name="authorization" overrideModeDefault="Deny" />
in the applicationHost.Config file to resolve this issue.