Encryption Web API授权在使用RSA私钥解密授权令牌并在处理程序中更改或添加Authorization头后无法工作

Encryption Web API授权在使用RSA私钥解密授权令牌并在处理程序中更改或添加Authorization头后无法工作,encryption,asp.net-web-api,rsa,Encryption,Asp.net Web Api,Rsa,消息处理程序: using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Net.Http; using System.Net; using System.Threading.Tasks; using System.Threading; using WebAPI.RSA; using System.Net.Http.Headers; using Microso

消息处理程序:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Net.Http;
using System.Net;
using System.Threading.Tasks;
using System.Threading;
using WebAPI.RSA;
using System.Net.Http.Headers;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.AspNet.Identity.EntityFramework;

namespace WebAPI.Handler
 {
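   /// <summary>
   /// Message handler that expects the caller's credential RSA-encrypted in the
   /// <c>X-Token</c> request header, decrypts it with the private key held by
   /// <see cref="RSAClass"/>, and forwards the request to the inner handler with the
   /// decrypted value as its <c>Authorization</c> header.
   /// </summary>
   /// <remarks>
   /// <para>
   /// The author reports that the inner handler still answers 401 whenever the Authorization
   /// header is changed or added here, although adding Accept or Content-Type headers in the
   /// same place causes no problem.
   /// </para>
   /// <para>
   /// NOTE(review): a 401 whose message is not one of the two "Outer Check" texts below was
   /// produced after this handler, so the header was found and decrypted. If the bearer token
   /// is validated by host-level middleware (the file imports Microsoft.AspNet.Identity.Owin,
   /// which suggests an OWIN pipeline; confirm), that validation has already run against the
   /// original request before any Web API message handler executes. Rewriting the header at
   /// this stage then cannot authenticate the caller; the decryption would have to take place
   /// ahead of the authentication middleware.
   /// </para>
   /// <para>
   /// NOTE(review): encrypting the token with the server's public key does not prevent replay.
   /// Whoever captures the X-Token ciphertext can resend it unchanged, so the endpoint still
   /// depends on TLS. The decrypted token should never be written to logs.
   /// </para>
   /// </remarks>
   public class TokenInspector : DelegatingHandler
   {
      private const string HeaderName = "X-Token";
      private const string AuthorizationHeaderName = "Authorization";

      // WebApiConfig.Register creates a single TokenInspector and attaches it to the route, so
      // this object is shared by all requests on that route.
      // NOTE(review): confirm that RSAClass.DecryptByPrivKey is safe to call concurrently.
      private readonly RSAClass RSAObject = new RSAClass();

      /// <summary>
      /// Replaces the encrypted <c>X-Token</c> header with a plaintext <c>Authorization</c>
      /// header and passes the request on.
      /// </summary>
      /// <param name="request">Incoming request; its headers are modified in place.</param>
      /// <param name="cancellationToken">Forwarded unchanged to the inner handler.</param>
      /// <returns>
      /// A 401 response when <c>X-Token</c> is absent, cannot be decrypted, or decrypts to an
      /// empty value; otherwise whatever the inner handler returns.
      /// </returns>
      protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
      {
         if (!request.Headers.Contains(HeaderName))
         {
            return Reject(request, "Request is missing authorization token.Outer Check");
         }

         string encryptedToken = request.Headers.GetValues(HeaderName).First();
         try
         {
            // The plaintext token is a local, not an instance field: a field on this shared
            // handler could be overwritten by a concurrent request between decryption and use,
            // which would attach one caller's credential to another caller's request.
            string token = RSAObject.DecryptByPrivKey(encryptedToken);
            if (string.IsNullOrWhiteSpace(token))
            {
               return Reject(request, "Invalid token. Outer Check");
            }

            request.Headers.Remove(HeaderName);

            // Drop any Authorization header the client sent itself, so the forwarded credential
            // comes only from the decrypted token and Add cannot fail on a duplicate value.
            request.Headers.Remove(AuthorizationHeaderName);
            request.Headers.Add(AuthorizationHeaderName, token);
         }
         catch (Exception)
         {
            // Decryption failures and malformed header values are all reported as 401; no
            // exception detail is returned to the caller.
            return Reject(request, "Invalid token. Outer Check");
         }

         // Hand the rewritten request to the inner handler.
         return base.SendAsync(request, cancellationToken);
      }

      // Builds the already-completed 401 response used for every rejection path.
      private static Task<HttpResponseMessage> Reject(HttpRequestMessage request, string message)
      {
         HttpResponseMessage reply = request.CreateErrorResponse(HttpStatusCode.Unauthorized, message);
         return Task.FromResult(reply);
      }
   }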
}
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Net.Http;
Net系统;
使用System.Threading.Tasks;
使用系统线程;
使用WebAPI.RSA;
使用System.Net.Http.Header;
使用Microsoft.AspNet.Identity;
使用Microsoft.AspNet.Identity.Owin;
使用Microsoft.AspNet.Identity.EntityFramework;
名称空间WebAPI.Handler
{
公共类令牌检查器:DelegatingHandler
{
RSAClass RSAObject=新的RSAClass();
字符串标记;
受保护的覆盖任务SendAsync(HttpRequestMessage请求,CancellationToken CancellationToken)
{
字符串头\u NAME=“X-Token”;
HttpRequestMessage头=新建HttpRequestMessage();
if(request.Headers.Contains(HEADER\u NAME))
{
string encryptedToken=request.Headers.GetValues(HEADER_NAME).First();
尝试
{
令牌=RSAObject.DecryptByPrivKey(encryptedToken);
/*这里我用RSA私钥解密授权令牌
由客户端通过相应的公钥进行加密*/
request.Headers.Remove(HEADER\u NAME);
添加(“授权”,令牌);
/*这里我从HttpRequestMessage请求中删除临时头(X-Token)
消息和添加授权标头*/
}
捕获(例外情况除外)
{
HttpResponseMessage reply=request.CreateErrorResponse(HttpStatusCode.Unauthorized,“无效令牌.外部检查”);
返回任务.FromResult(回复);
}
}
其他的
{
HttpResponseMessage reply=request.CreateErrorResponse(HttpStatusCode.Unauthorized,“请求缺少授权令牌。外部检查”);
返回任务.FromResult(回复);
}
var response=base.sendaync(请求、取消令牌);
/*这里修改的HttpRequestMessage“request”被发送到内部处理程序
用于通过授权头的纯文本承载令牌进行授权”*/
返回响应;
/*但得到未经授权的响应。只有在我更改或添加时才会出现问题
请求消息中的授权标头,但在添加accept、content type等标头时没有显示问题。我认为内部处理程序“base.sendaync(request,cancellationToken)”从IIS或服务器模块获取与授权相关的标头信息*/
}
}
}
我的Web API配置文件:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Net.Http.Headers;
using System.Net.Http.Formatting;
using Newtonsoft.Json.Serialization;
using WebAPI.Handler;
using System.Web.Http.Dispatcher;

namespace WebAPI
{
  /// <summary>
  /// Web API start-up configuration: registers the two conventional routes, attaches the
  /// <see cref="TokenInspector"/> handler to the default route and adjusts JSON formatting.
  /// </summary>
  public static class WebApiConfig
  {
    /// <summary>Applies routes and formatter settings to <paramref name="config"/>.</summary>
    /// <param name="config">The HTTP configuration to populate.</param>
    public static void Register(HttpConfiguration config)
    {
        // One TokenInspector instance whose inner handler is the controller dispatcher.
        // This same instance handles every request matched by the "DefaultApi" route.
        var inspector = new TokenInspector();
        inspector.InnerHandler = new HttpControllerDispatcher(config);

        // Attribute routing is left switched off:
        //  config.MapHttpAttributeRoutes();
        // NOTE(review): a per-route handler runs only for the route it is attached to. If
        // attribute routing is enabled later, requests matched by attribute routes would not
        // pass through TokenInspector.

        var routes = config.Routes;

        // "api/tokens" is registered without a handler, so requests to it are dispatched
        // without going through TokenInspector.
        // NOTE(review): presumably this is the token-issuing endpoint; confirm it is meant to
        // be reachable without X-Token.
        routes.MapHttpRoute(
            name: "Tokens",
            routeTemplate: "api/tokens",
            defaults: new { controller = "tokens" });

        // Every other controller is reached through TokenInspector.
        routes.MapHttpRoute(
            "DefaultApi",
            "api/{controller}/{id}",
            new { id = RouteParameter.Optional },
            null,
            inspector);

        var formatters = config.Formatters;

        // Let the JSON formatter also serve requests that accept text/html.
        // NOTE(review): JSON delivered under an HTML media type may be rendered by a browser;
        // confirm no attacker-influenced strings are returned this way.
        formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));

        // Serialize property names in camelCase.
        JsonMediaTypeFormatter json = formatters.OfType<JsonMediaTypeFormatter>().First();
        json.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
    }
  }
 }
使用系统;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web.Http;
使用System.Net.Http.Header;
使用System.Net.Http.Formatting;
使用Newtonsoft.Json.Serialization;
使用WebAPI.Handler;
使用System.Web.Http.Dispatcher;
命名空间WebAPI
{
公共静态类WebApiConfig
{
公共静态无效寄存器(HttpConfiguration配置)
{
//创建TokenInspector实例并设置默认内部处理程序
TokenInspector TokenInspector=new TokenInspector(){InnerHandler=new HttpControllerDispatcher(config)};
//Web API路由
//config.maphttpAttribute路由();
config.Routes.MapHttpRoute(
名称:“代币”,
routeTemplate:“api/令牌”,
默认值:新建{controller=“tokens”}
);
config.Routes.MapHttpRoute(
名称:“DefaultApi”,
routeTemplate:“api/{controller}/{id}”,
默认值:new{id=RouteParameter.Optional},
约束:null,
处理程序:令牌检查器
);
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(新的MediaTypeHeaderValue(“text/html”);
var jsonFormatter=config.Formatters.OfType().First();
jsonFormatter.SerializerSettings.ContractResolver=新的CamelCasePropertyNamesContractResolver();
}
}
}
我的Web Api控制器:

 using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
 using System.Web.Http;

 namespace WebAPI.Controllers
{
  /// <summary>
  /// Returns the sample order list; POST requires the "admin" role and GET the "user" role.
  /// </summary>
  /// <remarks>
  /// The RoutePrefix and Route attributes take effect only when attribute routing is enabled.
  /// In the WebApiConfig shown with this controller that call is commented out, so requests
  /// arrive through the conventional "api/{controller}/{id}" route.
  /// NOTE(review): [Authorize] evaluates the principal already attached to the request and
  /// does not itself read the Authorization header; whichever component authenticates the
  /// bearer token must have run before these actions are reached.
  /// </remarks>
  [RoutePrefix("api/Orders")]
  public class OrdersController : ApiController
  {
    /// <summary>Creates the controller; there is nothing to initialise.</summary>
    public OrdersController()
    {
    }

    /// <summary>Returns the sample orders to callers in the "admin" role.</summary>
    [Route("")]
    [Authorize(Roles = "admin")]
    public IHttpActionResult Post()
    {
        var orders = Order.CreateOrders();
        return Ok(orders);
    }

    /// <summary>Returns the sample orders to callers in the "user" role.</summary>
    [Route("")]
    [Authorize(Roles = "user")]
    public IHttpActionResult Get()
    {
        var orders = Order.CreateOrders();
        return Ok(orders);
    }
  }

#region Helpers

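/// <summary>
/// Sample order record returned by the controller, with a factory for a fixed demo list.
/// </summary>
public class Order
{
    public int OrderID { get; set; }
    public string CustomerName { get; set; }
    public string ShipperCity { get; set; }
    public bool IsShipped { get; set; }

    /// <summary>Builds a new list holding the five hard-coded sample orders.</summary>
    /// <returns>A fresh <see cref="List{T}"/> on every call, in ascending OrderID order.</returns>
    public static List<Order> CreateOrders()
    {
        // The stray `enter code here` editor placeholder that followed the second entry has
        // been removed; it made the collection initializer fail to compile.
        return new List<Order>
        {
            new Order { OrderID = 10248, CustomerName = "Taiseer Joudeh", ShipperCity = "Amman", IsShipped = true },
            new Order { OrderID = 10249, CustomerName = "Ahmad Hasan", ShipperCity = "Dubai", IsShipped = false },
            new Order { OrderID = 10250, CustomerName = "Tamer Yaser", ShipperCity = "Jeddah", IsShipped = false },
            new Order { OrderID = 10251, CustomerName = "Lina Majed", ShipperCity = "Abu Dhabi", IsShipped = false },
            new Order { OrderID = 10252, CustomerName = "Yasmeen Rami", ShipperCity = "Kuwait", IsShipped = true }
        };
    }
}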

 #endregion
使用系统;
使用System.Collections.Generic;
使用System.Linq;
Net系统;
使用System.Net.Http;
使用System.Web.Http;
命名空间WebAPI.Controllers
{
[RoutePrefix(“api/订单”)]
公共类OrdersController:ApicController
{
公共秩序控制器()
{
//字符串\u访问\u令牌=
}
[授权(Roles=“admin”)]
[路线(“”)
公共IHttpActionResult Post()
{
返回Ok(Order.CreateOrders());
}
[授权(角色=“用户”)]
[路线(“”)
public IHttpActionResult Get()
{
返回Ok(Order.CreateOrders());
}
}
#地区助手
公共阶级秩序
{
公共int-OrderID{get;set;}
公共字符串CustomerName{get;set;}
公共字符串ShipperCity{get;set;}
公共布尔IsShipped{get;set;}
公共静态列表CreateOrders()
{
List OrderList=新列表
{
新订单{OrderID=10248,CustomerName=“Taiseer Joudeh”,ShipperCity=“Amman”,IsShipped=true},
新订单{OrderID=10249,CustomerName=“Ahmad Hasan”,ShipperCity=“Dubai”,IsShipped=false},`在此处输入代码`
新订单{OrderID=10250,CustomerName=“Tamer Yaser”,ShipperCity=“吉达”,IsShipped=false},
新订单{OrderID=10251,CustomerName=“Lina Majed”,ShipperCity=“Abu Dhabi”,IsShipped=false},
新订单{OrderID=10252,CustomerName=“Yasmeen Rami”,ShipperCity=“科威特”,IsShipped=true}
};
返回订单列表;
}
}
#端区

}

请提供更多详细信息,说明所看到的行为以及引发的错误。

// HTTP请求消息
POST /api/Orders HTTP/1.1
Host: localhost:24406
X-Token: cZn/OH9YLXP2WITVDCT4Z2JD1FHNDKY2BC1EOMRC2xDK3VCVWWG4IHTVSJMEC9+So8jOPRaMrfub08kUy9JFcH/uyb6

// HTTP响应
{"消息":"此请求的授权已被拒绝。"}