Fatal编程技术网
  • csharp/
  • C# 如何在我的asp net core 3.1控制器中设置特定操作的基本身份验证?

C# 如何在我的asp net core 3.1控制器中设置特定操作的基本身份验证?

c# asp.net-core asp.net-web-api

C# 如何在我的asp net core 3.1控制器中设置特定操作的基本身份验证?,c#,asp.net-core,asp.net-web-api,asp.net-core-webapi,basic-authentication,C#,Asp.net Core,Asp.net Web Api,Asp.net Core Webapi,Basic Authentication,我正在使用asp.net core 3.1创建一个webapi,我想使用基本身份验证,我将根据Active Directory进行身份验证 我创建了一个身份验证处理程序和服务,但问题是,当我用[Authorize]修饰控制器操作时,调用控制器操作时不会调用handleAuthenticateAync函数(尽管调用了hander的构造函数)。相反,我只得到了401的回复: GET https://localhost:44321/Test/RequiresAuthentication HTTP/1.

我正在使用asp.net core 3.1创建一个webapi,我想使用基本身份验证,我将根据Active Directory进行身份验证

我创建了一个身份验证处理程序和服务,但问题是,当我用[Authorize]修饰控制器操作时,调用控制器操作时不会调用handleAuthenticateAync函数(尽管调用了hander的构造函数)。相反,我只得到了401的回复:

GET https://localhost:44321/Test/RequiresAuthentication HTTP/1.1
Authorization: Basic ..........
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: d58490e4-2707-4b75-9cfa-679509951860
Host: localhost:44321
Accept-Encoding: gzip, deflate, br
Connection: keep-alive



HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 10 Dec 2020 16:31:16 GMT
Content-Length: 0
如果我调用一个没有[Authorize]属性的操作,则调用handleAuthenticationAsync函数,但即使handleAuthenticationAsync返回AuthenticateResult.Fail,该操作也会执行并返回一个200。我一定完全误解了这是怎么回事

GET https://localhost:44321/Test/NoAuthenticationRequired HTTP/1.1
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: 81dd4c2a-32b6-45b9-bb88-9c6093f3675e
Host: localhost:44321
Accept-Encoding: gzip, deflate, br
Connection: keep-alive


HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 10 Dec 2020 16:35:36 GMT
Content-Length: 3

Ok!
我有一个控制器,其中有一个操作我想对其进行身份验证,另一个我不想:

[ApiController]
[Route("[controller]")]
public class TestController : ControllerBase
{

    private readonly ILogger<TestController> _logger;

    public TestController(ILogger<TestController> logger)
    {
        _logger = logger;
    }

    [HttpGet("RequiresAuthentication")]
    [Authorize]
    public string RestrictedGet()
    {
        return "Ok!";
    }

    [HttpGet("NoAuthenticationRequired")]
    public string NonRestrictedGet()
    {
        return "Ok!";
    }
}
尝试交换app.UseAuthorization()和app.UseAuthorization()的顺序。因为
UseAuthentication
将解析令牌,然后将用户信息提取到
HttpContext.user
。然后,UseAuthorization将根据身份验证方案进行授权。

您是否尝试在HandleAuthenticationAsync上设置断点,并查看从客户端传递的用户名和密码是否被正确捕获?401表示您未经授权但可以进行身份验证,403不允许您进行身份验证,您可以粘贴401的输出吗?它应该告诉我们它正在请求什么身份验证信息以及您发送什么,请参见此处尝试交换
app.UseAuthorization()
app.UseAuthorization()
@saj的顺序-我已将请求和响应粘贴到问题中。401计划没有内容。是的,你是对的·UseAuthentication·将解析令牌,然后将用户信息提取到
HttpContext.user
public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    private IBasicAuthenticationService _authService;

    public BasicAuthenticationHandler(
            IOptionsMonitor<AuthenticationSchemeOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            IBasicAuthenticationService authService)
            : base(options, logger, encoder, clock)
    {
        ...
        _authService = authService;
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // skip authentication if endpoint has [AllowAnonymous] attribute
        var endpoint = Context.GetEndpoint();

        if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
        {
            return AuthenticateResult.NoResult();
        }

        if (!Request.Headers.ContainsKey("Authorization"))
        {
            return AuthenticateResult.Fail("Missing Authorization Header.");
        }

        IBasicAuthenticationServiceUser user = null;
        try
        {
            var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
            var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
            var credentials = Encoding.UTF8.GetString(credentialBytes).Split(new[] { ':' }, 2);
            var username = credentials[0];
            var password = credentials[1];
            user = await _authService.Authenticate(username, password);
        }
        catch
        {
            return AuthenticateResult.Fail("Invalid Authorization Header.");
        }

        if (user == null)
        {
            return AuthenticateResult.Fail("Invalid Username or Password.");
        }

        var claims = new[] {
                new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
                new Claim(ClaimTypes.Name, user.UserName),
            };

        var identity = new ClaimsIdentity(claims, Scheme.Name);
        var principal = new ClaimsPrincipal(identity);
        var ticket = new AuthenticationTicket(principal, Scheme.Name);

        return AuthenticateResult.Success(ticket);
    }
}

class BasicAuthenticationActiveDirectoryService : IBasicAuthenticationService
{
    private class User : IBasicAuthenticationServiceUser
    {
        public string Id { get; set; }
        public string UserName { get; set; }
        public string Lastname { get; set; }
        public string FirstName { get; set; }
        public string Email { get; set; }
    }

    public async Task<IBasicAuthenticationServiceUser> Authenticate(string username, string password)
    {
        string domain = GetDomain(username);

        using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
        {
            // validate the credentials
            bool isValid = pc.ValidateCredentials(username, password);

            if (isValid)
            {
                User user = new User()
                {
                    Id = username,
                    UserName = username
                };

                UserPrincipal up = UserPrincipal.FindByIdentity(pc, username);

                user.FirstName = up.GivenName;
                user.Lastname = up.Surname;
                user.Email = up.EmailAddress;

                return user;
            }
            else
            {
                return null;
            }
        }
    }

    private string GetDomain(string username)
    {
        if (string.IsNullOrEmpty(username))
        {
            throw new ArgumentNullException(nameof(username), "User name cannot be null or empty.");
        }

        int delimiter = username.IndexOf("\\");
        if (delimiter > -1)
        {
            return username.Substring(0, delimiter);
        }
        else
        {
            return null;
        }
    }
}

public void ConfigureServices(IServiceCollection services)
{
    // configure DI for application services
    services.AddScoped<IBasicAuthenticationService, BasicAuthenticationActiveDirectoryService>();

    //Set up basic authentication
    services.AddAuthentication("BasicAuthentication")
        .AddScheme<Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);

    ...
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

   ...

    app.UseHttpsRedirection();

    app.UseRouting();

    app.UseAuthorization();
    app.UseAuthentication();

    app.UseEndpoints(endpoints =>
    {
        endpoints.MapControllers();
    });
}