Asp.net web api HttpClient是否总是在提供授权标头后执行基本身份验证检查?
web api控件UserControl有两个方法,RetrieveUserID,需要进行基本的授权检查Asp.net web api HttpClient是否总是在提供授权标头后执行基本身份验证检查?,asp.net-web-api,xamarin,Asp.net Web Api,Xamarin,web api控件UserControl有两个方法,RetrieveUserID,需要进行基本的授权检查 [HttpGet] [Route("RetrieveUserID/{strUsername}")] [Authorize] public string RetrieveUserID(string strUsername) { //retrieve userID and return it ...... r
[HttpGet]
[Route("RetrieveUserID/{strUsername}")]
[Authorize]
public string RetrieveUserID(string strUsername)
{
//retrieve userID and return it
......
return strUserID;
}
[HttpGet]
[Route("FailAuthenticationReason/{strUsername}")]
public string FailAuthenticationReason(string strUsername)
{
//retrieve detail failed reason
......
return strFailedReason;
}//End of
另一种方法FailAuthenticationReason用于无法检索用户ID的情况,它返回详细的失败信息,例如错误的用户名、错误的密码、帐户被锁定等,而不需要进行任何身份验证检查
[HttpGet]
[Route("RetrieveUserID/{strUsername}")]
[Authorize]
public string RetrieveUserID(string strUsername)
{
//retrieve userID and return it
......
return strUserID;
}
[HttpGet]
[Route("FailAuthenticationReason/{strUsername}")]
public string FailAuthenticationReason(string strUsername)
{
//retrieve detail failed reason
......
return strFailedReason;
}//End of
当我使用浏览器检查它们时,效果很好。但当我在我的应用程序中使用它时,在我提供了授权标头并且由于用户名和/或密码不正确而无法检索用户ID之后,它还会在调用FailAuthenticationReason时进行授权检查
var authData = string.Format("{0}:{1}", entUsername.Text,entPassword.Text);
var authHeaderValue = Convert.ToBase64String(Encoding.UTF8.GetBytes(authData));
App.httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", authHeaderValue);
var uri = new Uri(string.Format(App.strWebAPIURI + "/RetrieveUserID/{0}", entUsername.Text));
try
{
var response = await App.httpClient.GetAsync(uri);
if (response.IsSuccessStatusCode)
{
......
}
else
{
//Fail to pass authorization
uri = new Uri(string.Format(App.strWebAPIURI + "/FailAuthenticationReason/{0}", entUsername.Text));
response = await App.httpClient.GetAsync(uri);
......
}
没有授权检查,程序如何调用FailAuthenticationReason?当然会。您的RetrieveUserID方法上有一个Authorize属性。您不应该返回无法进行登录的实际原因!