C# 如何在ASP.NET Core 2.0中正确配置使用外部Restful API的身份验证?
我正在使用一个外部Restful Api。我为headers值提供了授权密钥。当我尝试用postman发送请求时,它返回200 Ok,我在代码中使用相同的API键。使用带有授权密钥的Restful Api的正确方法是什么 我已经为ConfigureServices和configure配置Startup.cs。然后我使用HttpClient来使用restfulapi。不知怎的,我得到了一个未经授权的回复 Startup.cs的代码C# 如何在ASP.NET Core 2.0中正确配置使用外部Restful API的身份验证?,c#,asp.net-core-webapi,asp.net-core-2.1,C#,Asp.net Core Webapi,Asp.net Core 2.1,我正在使用一个外部Restful Api。我为headers值提供了授权密钥。当我尝试用postman发送请求时,它返回200 Ok,我在代码中使用相同的API键。使用带有授权密钥的Restful Api的正确方法是什么 我已经为ConfigureServices和configure配置Startup.cs。然后我使用HttpClient来使用restfulapi。不知怎的,我得到了一个未经授权的回复 Startup.cs的代码 public void ConfigureServices(ISe
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(options =>
{
options.AddPolicy("CorsPolicy", builder =>
{
builder
.AllowAnyOrigin()
.AllowAnyMethod()
.AllowAnyHeader()
.AllowCredentials();
});
});
services.AddAuthentication();
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseAuthentication();
app.UseCors("CorsPolicy");
app.UseMvc();
}
Services.cs代码:
private static HttpClient _httpClient = new HttpClient();
public CRUDService()
{
_httpClient.BaseAddress = new Uri("https://api.deezer.com");
_httpClient.DefaultRequestHeaders.Clear();
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("X-API_KEY", "081f0fca-1bca-4e8e-9a24-22ff2c3d462c");
_httpClient.Timeout = new TimeSpan(0, 0, 30);
_httpClient.DefaultRequestHeaders.Clear();
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
}
public async Task Run()
{
await GetResource();
}
public async Task GetResource()
{
var response = await _httpClient.GetAsync("/v1/song/latest");
response.EnsureSuccessStatusCode();
var content = await response.Content.ReadAsStringAsync();
var movies = new List<Movie>();
if (response.Content.Headers.ContentType.MediaType == "application/json")
{
movies = JsonConvert.DeserializeObject<List<Movie>>(content);
}
}
private static HttpClient _HttpClient=new HttpClient();
公共CRUDService()
{
_httpClient.BaseAddress=新Uri(“https://api.deezer.com");
_httpClient.DefaultRequestHeaders.Clear();
_httpClient.DefaultRequestHeaders.Authorization=新的AuthenticationHeaderValue(“X-API_密钥”,“081f0fca-1bca-4e8e-9a24-22ff2c3d462c”);
_httpClient.Timeout=新的时间跨度(0,0,30);
_httpClient.DefaultRequestHeaders.Clear();
_httpClient.DefaultRequestHeaders.Accept.Add(新的MediaTypeWithQualityHeaderValue(“应用程序/json”);
}
公共异步任务运行()
{
等待GetResource();
}
公共异步任务GetResource()
{
var response=wait_httpClient.GetAsync(“/v1/song/latest”);
response.EnsureSuccessStatusCode();
var content=await response.content.ReadAsStringAsync();
var movies=新列表();
if(response.Content.Headers.ContentType.MediaType==“应用程序/json”)
{
movies=JsonConvert.DeserializeObject(内容);
}
}
我得到一个关于该api的600无效查询,因此我无法确认。但是,我认为您需要像这样添加api密钥:
_httpClient.DefaultRequestHeaders.Add("X-API_KEY", "081f0fca-1bca-4e8e-9a24-22ff2c3d462c");
public async Task GetResource()
{
CRUDService(); // <<<<---- this was added <<<<----
var response = await _httpClient.GetAsync("/v1/song/latest");
response.EnsureSuccessStatusCode();
var content = await response.Content.ReadAsStringAsync();
var movies = new List<Movie>();
if (response.Content.Headers.ContentType.MediaType == "application/json")
{
movies = JsonConvert.DeserializeObject<List<Movie>>(content);
}
}
…而不是将其添加到DefaultRequestHeaders.Authorization
Paul我不确定它是否会起作用,但看起来您并不是在实例化/初始化CRUDService-您可能需要执行以下操作:
_httpClient.DefaultRequestHeaders.Add("X-API_KEY", "081f0fca-1bca-4e8e-9a24-22ff2c3d462c");
public async Task GetResource()
{
CRUDService(); // <<<<---- this was added <<<<----
var response = await _httpClient.GetAsync("/v1/song/latest");
response.EnsureSuccessStatusCode();
var content = await response.Content.ReadAsStringAsync();
var movies = new List<Movie>();
if (response.Content.Headers.ContentType.MediaType == "application/json")
{
movies = JsonConvert.DeserializeObject<List<Movie>>(content);
}
}
公共异步任务GetResource()
{
CRUDService();//我真的希望那不是你真正的API密钥…@MattOestreich是的,没错。为了安全起见。对不起。你知道如何在Startup.cs中全局注册该API密钥,以便它可以通过应用程序访问吗?谢谢你会使用app.config/web.config文件:ASP.NET Core有一个完整的系统来存储AP之类的东西I键。a可能是生产工作流的好地方(或者如果您在Azure中)。我建议通读一遍,了解如何有效地使用
HttpClient
。