C# 如何在我的asp net core 3.1控制器中设置特定操作的基本身份验证?
我正在使用asp.net core 3.1创建一个webapi,我想使用基本身份验证,我将根据Active Directory进行身份验证 我创建了一个身份验证处理程序和服务,但问题是,当我用[Authorize]修饰控制器操作时,调用控制器操作时不会调用handleAuthenticateAync函数(尽管调用了hander的构造函数)。相反,我只得到了401的回复:C# 如何在我的asp net core 3.1控制器中设置特定操作的基本身份验证?,c#,asp.net-core,asp.net-web-api,asp.net-core-webapi,basic-authentication,C#,Asp.net Core,Asp.net Web Api,Asp.net Core Webapi,Basic Authentication,我正在使用asp.net core 3.1创建一个webapi,我想使用基本身份验证,我将根据Active Directory进行身份验证 我创建了一个身份验证处理程序和服务,但问题是,当我用[Authorize]修饰控制器操作时,调用控制器操作时不会调用handleAuthenticateAync函数(尽管调用了hander的构造函数)。相反,我只得到了401的回复: GET https://localhost:44321/Test/RequiresAuthentication HTTP/1.
GET https://localhost:44321/Test/RequiresAuthentication HTTP/1.1
Authorization: Basic ..........
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: d58490e4-2707-4b75-9cfa-679509951860
Host: localhost:44321
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 10 Dec 2020 16:31:16 GMT
Content-Length: 0
如果我调用一个没有[Authorize]属性的操作,则调用handleAuthenticationAsync函数,但即使handleAuthenticationAsync返回AuthenticateResult.Fail,该操作也会执行并返回一个200。我一定完全误解了这是怎么回事
GET https://localhost:44321/Test/NoAuthenticationRequired HTTP/1.1
User-Agent: PostmanRuntime/7.26.8
Accept: */*
Postman-Token: 81dd4c2a-32b6-45b9-bb88-9c6093f3675e
Host: localhost:44321
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Thu, 10 Dec 2020 16:35:36 GMT
Content-Length: 3
Ok!
我有一个控制器,其中有一个操作我想对其进行身份验证,另一个我不想:
[ApiController]
[Route("[controller]")]
public class TestController : ControllerBase
{
private readonly ILogger<TestController> _logger;
public TestController(ILogger<TestController> logger)
{
_logger = logger;
}
[HttpGet("RequiresAuthentication")]
[Authorize]
public string RestrictedGet()
{
return "Ok!";
}
[HttpGet("NoAuthenticationRequired")]
public string NonRestrictedGet()
{
return "Ok!";
}
}
尝试交换app.UseAuthorization()和app.UseAuthorization()的顺序。因为
UseAuthentication
将解析令牌,然后将用户信息提取到HttpContext.user
。然后,UseAuthorization将根据身份验证方案进行授权。您是否尝试在HandleAuthenticationAsync上设置断点,并查看从客户端传递的用户名和密码是否被正确捕获?401表示您未经授权但可以进行身份验证,403不允许您进行身份验证,您可以粘贴401的输出吗?它应该告诉我们它正在请求什么身份验证信息以及您发送什么,请参见此处尝试交换app.UseAuthorization()
和app.UseAuthorization()
@saj的顺序-我已将请求和响应粘贴到问题中。401计划没有内容。是的,你是对的·UseAuthentication·将解析令牌,然后将用户信息提取到HttpContext.user
。
public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
private IBasicAuthenticationService _authService;
public BasicAuthenticationHandler(
IOptionsMonitor<AuthenticationSchemeOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock,
IBasicAuthenticationService authService)
: base(options, logger, encoder, clock)
{
...
_authService = authService;
}
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
{
// skip authentication if endpoint has [AllowAnonymous] attribute
var endpoint = Context.GetEndpoint();
if (endpoint?.Metadata?.GetMetadata<IAllowAnonymous>() != null)
{
return AuthenticateResult.NoResult();
}
if (!Request.Headers.ContainsKey("Authorization"))
{
return AuthenticateResult.Fail("Missing Authorization Header.");
}
IBasicAuthenticationServiceUser user = null;
try
{
var authHeader = AuthenticationHeaderValue.Parse(Request.Headers["Authorization"]);
var credentialBytes = Convert.FromBase64String(authHeader.Parameter);
var credentials = Encoding.UTF8.GetString(credentialBytes).Split(new[] { ':' }, 2);
var username = credentials[0];
var password = credentials[1];
user = await _authService.Authenticate(username, password);
}
catch
{
return AuthenticateResult.Fail("Invalid Authorization Header.");
}
if (user == null)
{
return AuthenticateResult.Fail("Invalid Username or Password.");
}
var claims = new[] {
new Claim(ClaimTypes.NameIdentifier, user.Id.ToString()),
new Claim(ClaimTypes.Name, user.UserName),
};
var identity = new ClaimsIdentity(claims, Scheme.Name);
var principal = new ClaimsPrincipal(identity);
var ticket = new AuthenticationTicket(principal, Scheme.Name);
return AuthenticateResult.Success(ticket);
}
}
class BasicAuthenticationActiveDirectoryService : IBasicAuthenticationService
{
private class User : IBasicAuthenticationServiceUser
{
public string Id { get; set; }
public string UserName { get; set; }
public string Lastname { get; set; }
public string FirstName { get; set; }
public string Email { get; set; }
}
public async Task<IBasicAuthenticationServiceUser> Authenticate(string username, string password)
{
string domain = GetDomain(username);
using (PrincipalContext pc = new PrincipalContext(ContextType.Domain, domain))
{
// validate the credentials
bool isValid = pc.ValidateCredentials(username, password);
if (isValid)
{
User user = new User()
{
Id = username,
UserName = username
};
UserPrincipal up = UserPrincipal.FindByIdentity(pc, username);
user.FirstName = up.GivenName;
user.Lastname = up.Surname;
user.Email = up.EmailAddress;
return user;
}
else
{
return null;
}
}
}
private string GetDomain(string username)
{
if (string.IsNullOrEmpty(username))
{
throw new ArgumentNullException(nameof(username), "User name cannot be null or empty.");
}
int delimiter = username.IndexOf("\\");
if (delimiter > -1)
{
return username.Substring(0, delimiter);
}
else
{
return null;
}
}
}
public void ConfigureServices(IServiceCollection services)
{
// configure DI for application services
services.AddScoped<IBasicAuthenticationService, BasicAuthenticationActiveDirectoryService>();
//Set up basic authentication
services.AddAuthentication("BasicAuthentication")
.AddScheme<Microsoft.AspNetCore.Authentication.AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
...
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
...
app.UseHttpsRedirection();
app.UseRouting();
app.UseAuthorization();
app.UseAuthentication();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllers();
});
}