Web API 2 basic authentication: generic principal not set
Keywords: generic principal set authentication API Web | Updated: 2023-09-27 18:35:50
I have the following code to set the generic principal.
    using System;
    using System.Linq;
    using System.Net;
    using System.Net.Http;
    using System.Security.Principal;
    using System.Threading;
    using System.Threading.Tasks;
    using System.Web;
    using System.Web.Security;
    using Newtonsoft.Json;

    public class AuthenticationHandler : DelegatingHandler
    {
        protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
            CancellationToken cancellationToken)
        {
            var accessToken = request.Headers.Authorization;
            // No Authorization header: pass the request through unauthenticated
            if (accessToken == null)
                return base.SendAsync(request, cancellationToken);

            // Catch an error with regards to the accessToken being invalid
            try
            {
                var formsAuthenticationTicket = FormsAuthentication.Decrypt(accessToken.Parameter);
                if (formsAuthenticationTicket == null)
                    return base.SendAsync(request, cancellationToken);

                // The ticket's UserData carries the serialized user id and roles
                var data = formsAuthenticationTicket.UserData;
                var userData = JsonConvert.DeserializeObject<LoginRoleViewModel>(data);
                var identity = new GenericIdentity(userData.Id.ToString(), "Basic");
                var userRole = userData.Roles.ToArray();
                var principal = new GenericPrincipal(identity, userRole);
                Thread.CurrentPrincipal = principal;
                HttpContext.Current.User = principal;
            }
            catch (Exception ex)
            {
                var responseMessage = request.CreateResponse(HttpStatusCode.BadRequest, new { ex.Message }); // return ex for full stacktrace
                return Task<HttpResponseMessage>.Factory.StartNew(() => responseMessage);
            }
            return base.SendAsync(request, cancellationToken);
        }
    }
Here is an example controller action:
    [Authorize(Roles = "Administrator, Customers")]
    [HttpGet("customers/{id}")]
    public CustomerViewModel GetCustomer(string id)
    {
        var param = AuthService.CheckPermission(Request, User, id);
        var customer = Db.Customers.Find(param);
        return Mapper.Map<CustomerViewModel>(customer);
    }
This is where I check the user's role:
    public int CheckPermission(HttpRequestMessage request, IPrincipal user, string param)
    {
        // Customers and dealerships may only look up their own record ("me")
        if (user.IsInRole("Customers") || user.IsInRole("Dealerships"))
        {
            if (param == null || param != "me")
                throw new HttpResponseException(request.CreateErrorResponse(HttpStatusCode.Forbidden, "unauthorized request"));
            param = user.Identity.Name;
        }
        return Convert.ToInt32(param);
    }
This worked fine before upgrading to Web API 2 and MVC 5. Now the user has no roles or identity. Is there a change I'm not aware of?
Not sure why it stopped working, but in Web API 2 there is a new class, HttpRequestContext, with a Principal property, and that is what you should set to update the principal. You can get the context object from the request.
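As an added example (not code from the question or any answer), here is the question's handler reworked to assign the principal through HttpRequestContext as this answer describes; it also fails closed with a 401 challenge on a bad token instead of echoing the exception message. LoginRoleViewModel is assumed to be the question's class with an Id and a Roles collection.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Security;
using Newtonsoft.Json;

// Added example (not from the question or answers): a Web API 2 handler that
// assigns the principal through HttpRequestContext, which is what [Authorize]
// and ApiController.User read in Web API 2. LoginRoleViewModel is assumed to be
// the question's class (an Id and a Roles collection).
public class RequestContextAuthenticationHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var auth = request.Headers.Authorization;
        // No usable credentials: continue anonymously and let [Authorize] reject the request.
        if (auth == null || !string.Equals(auth.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(auth.Parameter))
            return await base.SendAsync(request, cancellationToken);
        FormsAuthenticationTicket ticket;
        try { ticket = FormsAuthentication.Decrypt(auth.Parameter); }
        catch (Exception) { return Challenge(request); } // tampered/undecryptable token: fail closed, no exception text to the client
        if (ticket == null || ticket.Expired)
            return Challenge(request);
        var userData = JsonConvert.DeserializeObject<LoginRoleViewModel>(ticket.UserData);
        var identity = new GenericIdentity(userData.Id.ToString(), "Basic");
        var principal = new GenericPrincipal(identity, userData.Roles.ToArray());
        // Web API 2 consults this one; the two legacy slots are set only so older code that still reads them agrees.
        request.GetRequestContext().Principal = principal;
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null) HttpContext.Current.User = principal;
        return await base.SendAsync(request, cancellationToken);
    }

    // 401 with a WWW-Authenticate challenge instead of the question's 400 plus exception message.
    private static HttpResponseMessage Challenge(HttpRequestMessage request)
    {
        var response = request.CreateResponse(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
        return response;
    }
}
```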
Really not sure why this behaviour changed after years of being stable. We found that the following works:
    // Principal expects an IPrincipal, so the identity is wrapped in a GenericPrincipal
    request.GetRequestContext().Principal = new GenericPrincipal(new GenericIdentity(userData.Id.ToString(), "Basic"), userData.Roles.ToArray());
This also works, and IMO is more aesthetically pleasing, because you are not setting a member of a function:
    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(userData.Id.ToString(), "Basic"), userData.Roles.ToArray());
This is what I did to get it working. How unfortunate that the upgrade caused this problem.
    var identity = new GenericIdentity("ApiUser", request.Headers.Authorization.Scheme);
    var principal = new GenericPrincipal(identity, new string[0]);
    request.GetRequestContext().Principal = principal;
Change "Basic" to "Forms":
    var identity = new GenericIdentity(userData.Id.ToString(), "Forms");
Also, are you using FormsAuthenticationModule? MVC 5 supports forms authentication through this module. Check the example given here: http://msdn.microsoft.com/en-us/library/system.web.security.formsauthenticationmodule.aspx
It suggests using FormsAuthentication_OnAuthenticate to describe and assign the identity.
Also have a look at http://blogs.msdn.com/b/webdev/archive/2013/07/03/understanding-owin-forms-authentication-in-mvc-5.aspx