C# 无法在从MVC网站调用的Web API服务中进行身份验证
我有一个ASP.NETMVC网站,前端使用angular,然后需要与RESTWebAPI服务通信以检索数据。在我的MVC项目中,我有针对自定义提供程序的身份验证逻辑,使用ADLDS这一切都可以正常工作。然而,对RESTWebAPI的调用没有传递任何身份验证数据,我无法确定如何将通过MVC身份验证的用户传递给RESTWebAPI 下面是对Web API的一个示例调用C# 无法在从MVC网站调用的Web API服务中进行身份验证,c#,angularjs,asp.net-mvc,asp.net-web-api,C#,Angularjs,Asp.net Mvc,Asp.net Web Api,我有一个ASP.NETMVC网站,前端使用angular,然后需要与RESTWebAPI服务通信以检索数据。在我的MVC项目中,我有针对自定义提供程序的身份验证逻辑,使用ADLDS这一切都可以正常工作。然而,对RESTWebAPI的调用没有传递任何身份验证数据,我无法确定如何将通过MVC身份验证的用户传递给RESTWebAPI 下面是对Web API的一个示例调用 public void ApproveModel(int modelVersionId, string comments)
public void ApproveModel(int modelVersionId, string comments)
{
var request = new RestRequest("api/modelversion", Method.POST) { RequestFormat = DataFormat.Json };
request.AddBody(new[] { new ModelAction { ModelActionType = ModelActionConstants.ModelActionApproveModel, ActionParameters = new Dictionary<string, string> { { ModelActionConstants.ModelActionParameterModelVersionId, modelVersionId.ToString(CultureInfo.InvariantCulture) }, {ModelActionConstants.ModelActionParameterComments, comments} } } });
request.UseDefaultCredentials = true;
var response = _client.Execute(request);
if (response.StatusCode != HttpStatusCode.OK)
throw new ServerException(response.Content);
}
public class ValidateAccess : ClaimsAuthorizeAttribute
{
private static readonly ILog Log = LogManager.GetLogger(typeof(ValidateAccess));
private readonly string _resource;
private readonly string _claimsAction;
public ValidateAccess(string claimsAction, string resource)
{
_claimsAction = claimsAction;
_resource = resource;
XmlConfigurator.Configure();
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (actionContext == null) throw new ArgumentNullException("actionContext");
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
Log.InfoFormat("User {0} is not authenticated - Not authorizing further. Redirecting to error page.",
HttpContext.Current.User.Identity.Name);
return false;
}
// specified users or roles when we use our attribute
return CheckAccess(actionContext);
}
protected override bool CheckAccess(HttpActionContext actionContext)
{
if (_claimsAction == String.Empty && _resource == string.Empty)
{
//user is in landing page
return true;
}
return ClaimsAuthorization.CheckAccess(_claimsAction, _resource);
}
}
- 我不熟悉Web Api。
是对API调用强制执行访问策略的正确方法吗IsAuthorized(HttpActionContext-actionContext) - 为什么我的用户标识为null
public class ValidateAccess : ClaimsAuthorizeAttribute
{
private static readonly ILog Log = LogManager.GetLogger(typeof(ValidateAccess));
private readonly string _resource;
private readonly string _claimsAction;
public ValidateAccess(string claimsAction, string resource)
{
_claimsAction = claimsAction;
_resource = resource;
XmlConfigurator.Configure();
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (actionContext == null) throw new ArgumentNullException("actionContext");
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
Log.InfoFormat("User {0} is not authenticated - Not authorizing further. Redirecting to error page.",
HttpContext.Current.User.Identity.Name);
return false;
}
// specified users or roles when we use our attribute
return CheckAccess(actionContext);
}
protected override bool CheckAccess(HttpActionContext actionContext)
{
if (_claimsAction == String.Empty && _resource == string.Empty)
{
//user is in landing page
return true;
}
return ClaimsAuthorization.CheckAccess(_claimsAction, _resource);
}
}