Encryption Web API授权在使用RSA私钥解密授权令牌并更改或添加授权头处理程序后无法工作
消息处理程序:Encryption Web API授权没有';在使用RSA私钥解密授权令牌并更改或添加授权头处理程序后,无法工作,encryption,asp.net-web-api,rsa,Encryption,Asp.net Web Api,Rsa,消息处理程序: using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Net.Http; using System.Net; using System.Threading.Tasks; using System.Threading; using WebAPI.RSA; using System.Net.Http.Headers; using Microso
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Net.Http;
using System.Net;
using System.Threading.Tasks;
using System.Threading;
using WebAPI.RSA;
using System.Net.Http.Headers;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.AspNet.Identity.EntityFramework;
namespace WebAPI.Handler
{
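public class TokenInspector : DelegatingHandler
{
    /// <summary>
    /// Request header carrying the RSA-encrypted credential. It is consumed here and
    /// replaced by a standard Authorization header before the inner handler runs.
    /// </summary>
    private const string HeaderName = "X-Token";

    // A DelegatingHandler instance is shared by every request on its route, so this
    // class must not keep per-request state in fields: the original stored the
    // decrypted token in an instance field, which races between concurrent requests.
    private readonly RSAClass _rsa = new RSAClass();

    /// <summary>
    /// Decrypts the X-Token header with the server's RSA private key and forwards the
    /// request to the inner handler with the plaintext as its Authorization header.
    /// </summary>
    /// <param name="request">Incoming request; its X-Token header is removed and an Authorization header is set.</param>
    /// <param name="cancellationToken">Passed through to the inner handler.</param>
    /// <returns>
    /// 401 Unauthorized when the header is missing, empty, cannot be decrypted or does not
    /// yield a well-formed Authorization value; otherwise the inner handler's response.
    /// </returns>
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (!request.Headers.Contains(HeaderName))
        {
            return Reject(request, "Request is missing authorization token.Outer Check");
        }

        string encryptedToken = request.Headers.GetValues(HeaderName).FirstOrDefault();
        if (string.IsNullOrWhiteSpace(encryptedToken))
        {
            return Reject(request, "Invalid token. Outer Check");
        }

        try
        {
            // The client encrypted the credential with the matching public key.
            // NOTE(review): the padding mode used by DecryptByPrivKey is not visible here;
            // confirm it uses OAEP rather than PKCS#1 v1.5.
            string token = _rsa.DecryptByPrivKey(encryptedToken);
            if (string.IsNullOrWhiteSpace(token))
            {
                return Reject(request, "Invalid token. Outer Check");
            }

            request.Headers.Remove(HeaderName);
            // Assigning (rather than Add) replaces any Authorization header the client also
            // sent, so the encrypted credential is authoritative. Parse throws FormatException
            // on a malformed value, which the catch below maps to 401.
            request.Headers.Authorization = AuthenticationHeaderValue.Parse(token);
        }
        catch (Exception)
        {
            // DecryptByPrivKey's exception contract is not visible here, so every failure is
            // treated as an invalid credential. Details are intentionally not sent to the client.
            return Reject(request, "Invalid token. Outer Check");
        }

        // NOTE(review): if bearer authentication is OWIN middleware (the Microsoft.AspNet.Identity.Owin
        // using suggests it may be), that middleware has already run and read the original
        // Authorization header before this Web API handler executes, so rewriting the header here
        // does not change the principal that [Authorize] checks. In that case the X-Token
        // translation has to happen in OWIN middleware registered ahead of the authentication
        // middleware; confirm against the Startup configuration.
        return base.SendAsync(request, cancellationToken);
    }

    /// <summary>Builds a 401 Unauthorized error response for <paramref name="request"/> as a completed task.</summary>
    /// <param name="request">The request being rejected.</param>
    /// <param name="reason">Message placed in the error body.</param>
    private static Task<HttpResponseMessage> Reject(HttpRequestMessage request, string reason)
    {
        HttpResponseMessage reply = request.CreateErrorResponse(HttpStatusCode.Unauthorized, reason);
        return Task.FromResult(reply);
    }
}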
}
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Net.Http;
Net系统;
使用System.Threading.Tasks;
使用系统线程;
使用WebAPI.RSA;
使用System.Net.Http.Header;
使用Microsoft.AspNet.Identity;
使用Microsoft.AspNet.Identity.Owin;
使用Microsoft.AspNet.Identity.EntityFramework;
名称空间WebAPI.Handler
{
公共类令牌检查器:DelegatingHandler
{
RSAClass RSAObject=新的RSAClass();
字符串标记;
受保护的覆盖任务SendAsync(HttpRequestMessage请求,CancellationToken CancellationToken)
{
字符串头\u NAME=“X-Token”;
HttpRequestMessage头=新建HttpRequestMessage();
if(request.Headers.Contains(HEADER\u NAME))
{
string encryptedToken=request.Headers.GetValues(HEADER_NAME).First();
尝试
{
令牌=RSAObject.DecryptByPrivKey(encryptedToken);
/*这里我用RSA私钥解密授权令牌
由客户端通过相应的公钥进行加密*/
request.Headers.Remove(HEADER\u NAME);
添加(“授权”,令牌);
/*这里我从HttpRequestMessage请求中删除临时头(X-Token)
消息和添加授权标头*/
}
捕获(例外情况除外)
{
HttpResponseMessage reply=request.CreateErrorResponse(HttpStatusCode.Unauthorized,“无效令牌.外部检查”);
返回任务.FromResult(回复);
}
}
其他的
{
HttpResponseMessage reply=request.CreateErrorResponse(HttpStatusCode.Unauthorized,“请求缺少授权令牌。外部检查”);
返回任务.FromResult(回复);
}
var response=base.sendaync(请求、取消令牌);
/*这里修改的HttpRequestMessage“request”被发送到内部处理程序
用于通过授权头的纯文本承载令牌进行授权”*/
返回响应;
/*但得到未经授权的响应。只有在我更改或添加时才会出现问题
请求消息中的授权标头,但在添加accept、content type等标头时没有显示问题。我认为内部处理程序“base.sendaync(request,cancellationToken)”从IIS或服务器模块获取与授权相关的标头信息*/
}
}
}
我的Web API配置文件:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Net.Http.Headers;
using System.Net.Http.Formatting;
using Newtonsoft.Json.Serialization;
using WebAPI.Handler;
using System.Web.Http.Dispatcher;
namespace WebAPI
{
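public static class WebApiConfig
{
    /// <summary>
    /// Registers the routes, the per-route token-inspecting handler and the JSON formatter settings.
    /// </summary>
    /// <param name="config">The Web API configuration being built.</param>
    public static void Register(HttpConfiguration config)
    {
        // Per-route handler: decrypts X-Token, then hands the request to the controller dispatcher.
        TokenInspector tokenInspector = new TokenInspector() { InnerHandler = new HttpControllerDispatcher(config) };

        // Web API routes
        // config.MapHttpAttributeRoutes();

        // No per-route handler here, so X-Token is not required on this route.
        config.Routes.MapHttpRoute(
            name: "Tokens",
            routeTemplate: "api/tokens",
            defaults: new { controller = "tokens" }
        );

        // Only requests matched by this route pass through tokenInspector.
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional },
            constraints: null,
            handler: tokenInspector
        );

        // config.Formatters.JsonFormatter is the same formatter the original re-located
        // with OfType<JsonMediaTypeFormatter>().First(); use it once for both settings.
        JsonMediaTypeFormatter jsonFormatter = config.Formatters.JsonFormatter;

        // NOTE(review): advertising text/html for JSON lets a browser that navigates to an
        // API URL negotiate an HTML content type and render the JSON body as a document;
        // if response bodies can contain user-supplied strings, consider dropping this.
        jsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
        jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
    }
}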
}
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web.Http;
使用System.Net.Http.Header;
使用System.Net.Http.Formatting;
使用Newtonsoft.Json.Serialization;
使用WebAPI.Handler;
使用System.Web.Http.Dispatcher;
命名空间WebAPI
{
公共静态类WebApiConfig
{
公共静态无效寄存器(HttpConfiguration配置)
{
//创建TokenInspector实例并设置默认内部处理程序
TokenInspector TokenInspector=new TokenInspector(){InnerHandler=new HttpControllerDispatcher(config)};
//Web API路由
//config.maphttpAttribute路由();
config.Routes.MapHttpRoute(
名称:“代币”,
routeTemplate:“api/令牌”,
默认值:新建{controller=“tokens”}
);
config.Routes.MapHttpRoute(
名称:“DefaultApi”,
routeTemplate:“api/{controller}/{id}”,
默认值:new{id=RouteParameter.Optional},
约束:null,
处理程序:令牌检查器
);
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(新的MediaTypeHeaderValue(“text/html”);
var jsonFormatter=config.Formatters.OfType().First();
jsonFormatter.SerializerSettings.ContractResolver=新的CamelCasePropertyNamesContractResolver();
}
}
}
我的Web Api控制器:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web.Http;
namespace WebAPI.Controllers
{
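/// <summary>
/// Sample orders endpoint. [RoutePrefix]/[Route] only take effect once attribute routing is
/// mapped (config.MapHttpAttributeRoutes()); the WebApiConfig shown alongside this file has that
/// call commented out, so requests reach this controller through the "DefaultApi" convention
/// route, which is also the route carrying the TokenInspector handler.
/// </summary>
[RoutePrefix("api/Orders")]
public class OrdersController : ApiController
{
    // The explicit parameterless constructor held only commented-out code and was removed;
    // the compiler-generated default constructor is equivalent.

    /// <summary>Returns the sample orders. Requires the "admin" role.</summary>
    /// <returns>200 OK with the list built by Order.CreateOrders().</returns>
    [Authorize(Roles = "admin")]
    [Route("")]
    public IHttpActionResult Post()
    {
        return Ok(Order.CreateOrders());
    }

    /// <summary>Returns the sample orders. Requires the "user" role.</summary>
    /// <returns>200 OK with the list built by Order.CreateOrders().</returns>
    [Authorize(Roles = "user")]
    [Route("")]
    public IHttpActionResult Get()
    {
        return Ok(Order.CreateOrders());
    }
}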
#region Helpers
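/// <summary>Sample order record returned by the orders controller.</summary>
public class Order
{
    public int OrderID { get; set; }
    public string CustomerName { get; set; }
    public string ShipperCity { get; set; }
    public bool IsShipped { get; set; }

    /// <summary>
    /// Builds the fixed five-element sample list. A fresh list is created on every call,
    /// so callers may modify the returned list without affecting later calls.
    /// </summary>
    /// <returns>Five hard-coded orders with IDs 10248 through 10252.</returns>
    public static List<Order> CreateOrders()
    {
        // The stray "`enter code here`" text after the second element in the original
        // listing was a paste artifact that does not compile; it is dropped here.
        return new List<Order>
        {
            new Order { OrderID = 10248, CustomerName = "Taiseer Joudeh", ShipperCity = "Amman", IsShipped = true },
            new Order { OrderID = 10249, CustomerName = "Ahmad Hasan", ShipperCity = "Dubai", IsShipped = false },
            new Order { OrderID = 10250, CustomerName = "Tamer Yaser", ShipperCity = "Jeddah", IsShipped = false },
            new Order { OrderID = 10251, CustomerName = "Lina Majed", ShipperCity = "Abu Dhabi", IsShipped = false },
            new Order { OrderID = 10252, CustomerName = "Yasmeen Rami", ShipperCity = "Kuwait", IsShipped = true }
        };
    }
}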
#endregion
使用系统;
使用System.Collections.Generic;
使用System.Linq;
Net系统;
使用System.Net.Http;
使用System.Web.Http;
命名空间WebAPI.Controllers
{
[RoutePrefix(“api/订单”)]
公共类OrdersController:ApicController
{
公共秩序控制器()
{
//字符串\u访问\u令牌=
}
[授权(Roles=“admin”)]
[路线(“”)
公共IHttpActionResult Post()
{
返回Ok(Order.CreateOrders());
}
[授权(角色=“用户”)]
[路线(“”)
public IHttpActionResult Get()
{
返回Ok(Order.CreateOrders());
}
}
#地区助手
公共阶级秩序
{
公共int-OrderID{get;set;}
公共字符串CustomerName{get;set;}
公共字符串ShipperCity{get;set;}
公共布尔IsShipped{get;set;}
公共静态列表CreateOrders()
{
List OrderList=新列表
{
新订单{OrderID=10248,CustomerName=“Taiseer Joudeh”,ShipperCity=“Amman”,IsShipped=true},
新订单{OrderID=10249,CustomerName=“Ahmad Hasan”,ShipperCity=“Dubai”,IsShipped=false},`在此处输入代码`
新订单{OrderID=10250,CustomerName=“Tamer Yaser”,ShipperCity=“吉达”,IsShipped=false},
新订单{OrderID=10251,CustomerName=“Lina Majed”,ShipperCity=“Abu Dhabi”,IsShipped=false},
新订单{OrderID=10252,CustomerName=“Yasmeen Rami”,ShipperCity=“科威特”,IsShipped=true}
};
返回订单列表;
}
}
#端区
}
请提供更多详细信息,以了解看到的行为类型、引发的错误。
// Http请求消息
POST /api/Orders Http/1.1
主机:本地主机:24406
X-Token: cZn/OH9YLXP2WITVDCT4Z2JD1FHNDKY2BC1EOMRC2xDK3VCVWWG4IHTVSJMEC9+So8jOPRaMrfub08kUy9JFcH/uyb6//
// HTTP响应
{"消息":"此请求的授权已被拒绝。"}