Fatal编程技术网
  • asp.net-web-api/
  • Asp.net web api HttpClient是否总是在提供授权标头后执行基本身份验证检查?

Asp.net web api HttpClient是否总是在提供授权标头后执行基本身份验证检查?

asp.net-web-api xamarin

Asp.net web api HttpClient是否总是在提供授权标头后执行基本身份验证检查?,asp.net-web-api,xamarin,Asp.net Web Api,Xamarin,web api控件UserControl有两个方法,RetrieveUserID,需要进行基本的授权检查 [HttpGet] [Route("RetrieveUserID/{strUsername}")] [Authorize] public string RetrieveUserID(string strUsername) { //retrieve userID and return it ...... r

web api控件UserControl有两个方法,RetrieveUserID,需要进行基本的授权检查

    [HttpGet]
    [Route("RetrieveUserID/{strUsername}")]
    [Authorize]
    public string RetrieveUserID(string strUsername)
    {
        //retrieve userID and return it
        ......
        return strUserID;
    }

    [HttpGet]
    [Route("FailAuthenticationReason/{strUsername}")]
    public string FailAuthenticationReason(string strUsername)
    {
        //retrieve detail failed reason
        ......
        return strFailedReason;
    }//End of
另一种方法FailAuthenticationReason用于无法检索用户ID的情况,它返回详细的失败信息,例如错误的用户名、错误的密码、帐户被锁定等,而不需要进行任何身份验证检查

    [HttpGet]
    [Route("RetrieveUserID/{strUsername}")]
    [Authorize]
    public string RetrieveUserID(string strUsername)
    {
        //retrieve userID and return it
        ......
        return strUserID;
    }

    [HttpGet]
    [Route("FailAuthenticationReason/{strUsername}")]
    public string FailAuthenticationReason(string strUsername)
    {
        //retrieve detail failed reason
        ......
        return strFailedReason;
    }//End of
当我使用浏览器检查它们时,效果很好。但当我在我的应用程序中使用它时,在我提供了授权标头并且由于用户名和/或密码不正确而无法检索用户ID之后,它还会在调用FailAuthenticationReason时进行授权检查

            var authData = string.Format("{0}:{1}", entUsername.Text,entPassword.Text);
            var authHeaderValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(authData));
            App.httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authHeaderValue);

            var uri = new Uri(string.Format(App.strWebAPIURI + "/RetrieveUserID/{0}", entUsername.Text));

            try
            {
                var response = await App.httpClient.GetAsync(uri);

                if (response.IsSuccessStatusCode)
                {
                  ......
                }
                else
                {
                   //Fail to pass authorization
                   uri = new Uri(string.Format(App.strWebAPIURI + "/FailAuthenticationReason/{0}", entUsername.Text));
                   response = await App.httpClient.GetAsync(uri);
                   ......
                }
没有授权检查,程序如何调用FailAuthenticationReason?

当然会。您的RetrieveUserID方法上有一个Authorize属性。您不应该返回无法进行登录的实际原因!