C# 授权标头为空_C#_Asp.net_Asp.net Mvc_Asp.net Mvc 4_Asp.net Web Api

C# 授权标头为空

c# asp.net asp.net-mvc asp.net-mvc-4 asp.net-web-api

C# 授权标头为空,c#,asp.net,asp.net-mvc,asp.net-mvc-4,asp.net-web-api,C#,Asp.net,Asp.net Mvc,Asp.net Mvc 4,Asp.net Web Api,基本身份验证模块 public class BasicAuthHttpModule : IHttpModule { private const string Realm = "AngularWebAPI"; public void Init(HttpApplication context) { // Register event handlers context.AuthenticateRequest += OnApplicationAu

基本身份验证模块

public class BasicAuthHttpModule : IHttpModule
{
    private const string Realm = "AngularWebAPI";

    public void Init(HttpApplication context)
    {
        // Register event handlers
        context.AuthenticateRequest += OnApplicationAuthenticateRequest;
        context.EndRequest += OnApplicationEndRequest;
    }

    private static void SetPrincipal(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
    }

    private static bool AuthenticateUser(string credentials)
    {
        var encoding = Encoding.GetEncoding("iso-8859-1");
        credentials = encoding.GetString(Convert.FromBase64String(credentials));

        var credentialsArray = credentials.Split(':');
        var username = credentialsArray[0];
        var password = credentialsArray[1];

        /* REPLACE THIS WITH REAL AUTHENTICATION
        ----------------------------------------------*/
        if (!(username == "test" && password == "test"))
        {
            return false;
        }

        var identity = new GenericIdentity(username);
        SetPrincipal(new GenericPrincipal(identity, null));

        return true;
    }

    private static void OnApplicationAuthenticateRequest(object sender, EventArgs e)
    {
        var request = HttpContext.Current.Request;
        var authHeader = request.Headers["Authorization"];
        if (authHeader != null)
        {
            var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);

            // RFC 2617 sec 1.2, "scheme" name is case-insensitive
            if (authHeaderVal.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && authHeaderVal.Parameter != null)
            {
                AuthenticateUser(authHeaderVal.Parameter);
            }
        }
    }

    // If the request was unauthorized, add the WWW-Authenticate header
    // to the response.
    private static void OnApplicationEndRequest(object sender, EventArgs e)
    {
        var response = HttpContext.Current.Response;
        if (response.StatusCode == 401)
        {
            response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", Realm));
        }
    }

       public void Dispose()
       {
       }
    }

Api控制器

[Authorize]
public class SecureDataController : ApiController
{
   public IHttpActionResult Get()
   {
    return Ok(new { secureData = "You have to be authenticated to access this!" });
    }
}

HttpActionContext.Request.Headers.Authorization始终为空

有什么想法吗

谢谢，

那么您的问题可能出在客户端代码中。向我们展示您如何创建http请求我只是从浏览器调用api控制器，也就是说，这就是授权标头为空的原因…：）你不能使用浏览器，你必须通过c#/javascript/java等客户端应用程序中的代码来实现这一点。这就是我在现有web应用程序中所做的，我刚刚添加了一个web api控制器。但是，如果我创建了一个WebAPI类型的新项目，那么浏览器会提示输入用户名和密码。这就是为什么我认为它应该问我这个问题。它要求用户名/密码，因为您可能在“新建项目向导”中启用了Windows身份验证