C# 授权标头为空
基本身份验证模块C# 授权标头为空,c#,asp.net,asp.net-mvc,asp.net-mvc-4,asp.net-web-api,C#,Asp.net,Asp.net Mvc,Asp.net Mvc 4,Asp.net Web Api,基本身份验证模块 public class BasicAuthHttpModule : IHttpModule { private const string Realm = "AngularWebAPI"; public void Init(HttpApplication context) { // Register event handlers context.AuthenticateRequest += OnApplicationAu
public class BasicAuthHttpModule : IHttpModule
{
private const string Realm = "AngularWebAPI";
public void Init(HttpApplication context)
{
// Register event handlers
context.AuthenticateRequest += OnApplicationAuthenticateRequest;
context.EndRequest += OnApplicationEndRequest;
}
private static void SetPrincipal(IPrincipal principal)
{
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
{
HttpContext.Current.User = principal;
}
}
private static bool AuthenticateUser(string credentials)
{
var encoding = Encoding.GetEncoding("iso-8859-1");
credentials = encoding.GetString(Convert.FromBase64String(credentials));
var credentialsArray = credentials.Split(':');
var username = credentialsArray[0];
var password = credentialsArray[1];
/* REPLACE THIS WITH REAL AUTHENTICATION
----------------------------------------------*/
if (!(username == "test" && password == "test"))
{
return false;
}
var identity = new GenericIdentity(username);
SetPrincipal(new GenericPrincipal(identity, null));
return true;
}
private static void OnApplicationAuthenticateRequest(object sender, EventArgs e)
{
var request = HttpContext.Current.Request;
var authHeader = request.Headers["Authorization"];
if (authHeader != null)
{
var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);
// RFC 2617 sec 1.2, "scheme" name is case-insensitive
if (authHeaderVal.Scheme.Equals("basic", StringComparison.OrdinalIgnoreCase) && authHeaderVal.Parameter != null)
{
AuthenticateUser(authHeaderVal.Parameter);
}
}
}
// If the request was unauthorized, add the WWW-Authenticate header
// to the response.
private static void OnApplicationEndRequest(object sender, EventArgs e)
{
var response = HttpContext.Current.Response;
if (response.StatusCode == 401)
{
response.Headers.Add("WWW-Authenticate", string.Format("Basic realm=\"{0}\"", Realm));
}
}
public void Dispose()
{
}
}
Api控制器
[Authorize]
public class SecureDataController : ApiController
{
public IHttpActionResult Get()
{
return Ok(new { secureData = "You have to be authenticated to access this!" });
}
}
HttpActionContext.Request.Headers.Authorization始终为空
有什么想法吗
谢谢,那么您的问题可能出在客户端代码中。向我们展示您如何创建http请求我只是从浏览器调用api控制器,也就是说,这就是授权标头为空的原因…:)你不能使用浏览器,你必须通过c#/javascript/java等客户端应用程序中的代码来实现这一点。这就是我在现有web应用程序中所做的,我刚刚添加了一个web api控制器。但是,如果我创建了一个WebAPI类型的新项目,那么浏览器会提示输入用户名和密码。这就是为什么我认为它应该问我这个问题。它要求用户名/密码,因为您可能在“新建项目向导”中启用了Windows身份验证