c# - 从 Postman 测试时出现错误:HTTP Error 401.2 - Unauthorized
问题描述
当我在 IIS-8 上部署我的 WebAPI 项目并测试使用 Postman 时,它给了我错误“HTTP 错误 401.2 - 未经授权,由于身份验证标头无效,您无权查看此页面。
更多信息:当服务器配置不支持发送到 Web 服务器的 WWW-Authenticate 标头时,会发生此错误。检查资源的身份验证方法,并验证客户端使用的身份验证方法。当认证方法不同时会发生错误。要确定客户端使用的身份验证类型,请检查客户端的身份验证设置。”
在本地它工作正常。
我的 Web.Config 内容是:
<configuration>
<appSettings>
<add key="WhiteListedIPAddresses" value="::1,192.168.9.175,192.168.9.234"/> <!-- Example "::1,192.168.9.234" -->
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5.1" />
<httpRuntime targetFramework="4.5.1" />
<customErrors mode="Off"/>
<!--<authentication mode="Windows" /> -->
</system.web>
<system.webServer>
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
</system.webServer>
<connectionStrings>
<!--<add name="myConnectionString" connectionString="Provider=ASAProv.80; Trusted_Connection=True;Data Source=softwrench;Persist Security Info=True;commlinks=TCPIP;" /> -->
<add name="myConnectionString" connectionString="Provider=ASAProv.80; Trusted_Connection=True;Data Source=Corporate;Persist Security Info=True;commlinks=TCPIP;" />
</connectionStrings>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
基本验证码:
namespace WebApiSampleProject
{
public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
//------------------------------------------------------------------------------------------------------------------------------
string connStr = ConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;
string sql;
OleDbConnection conn;
OleDbDataReader rdr;
OleDbCommand cmd;
//------------------------------------------------------------------------------------------------------------------------------
var authHeader = actionContext.Request.Headers.Authorization;
if (authHeader != null)
{
var authenticationToken = actionContext.Request.Headers.Authorization.Parameter;
var decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
var usernamePasswordArray = decodedAuthenticationToken.Split(':');
var userName = usernamePasswordArray[0];
var password = usernamePasswordArray[1];
//------------------------------------------------------------------------------------------------------------------------------
conn = new OleDbConnection(connStr);
conn.Open();
sql = "SELECT ucode, upassword FROM user_list where ucode = ?";
cmd = new OleDbCommand(sql, conn);
OleDbParameter usercode = cmd.Parameters.Add("?", OleDbType.VarChar, 15);
usercode.Value = userName;
cmd.CommandType = CommandType.Text;
rdr = cmd.ExecuteReader();
var userid = "";
var passcode = "";
if (rdr.HasRows)
{
while (rdr.Read())
{
userid = rdr["ucode"].ToString();
passcode = rdr["upassword"].ToString();
}
}
else
{
Console.WriteLine("No rows found.");
}
rdr.Close();
conn.Close();
var isValid = userName == userid && password == passcode;
//------------------------------------------------------------------------------------------------------------------------------
if (isValid)
{
var principal = new GenericPrincipal(new GenericIdentity(userName), null);
Thread.CurrentPrincipal = principal;
//actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK,"User " + userName + " successfully authenticated");
return;
}
}
HandleUnathorized(actionContext);
}
private static void HandleUnathorized(HttpActionContext actionContext)
{
//var host = actionContext.Request.RequestUri.DnsSafeHost;
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "Username or Password is Incorrect" );
actionContext.Response.Headers.Add("WWW-Authenticate", "Basic Scheme='Data' location = 'http://192.168.9.234:");
}
}
}
在 Webapiconfig 中注册的基本身份验证为:
config.Filters.Add(new BasicAuthenticationAttribute());
使用 Postman 客户端,我在基本身份验证下传递了用户名和密码以及 Json 请求正文。
解决方案
我已经设定
<section name="authorization" overrideModeDefault="Deny" />
至
<section name="authorization" overrideModeDefault="Allow" />
在 applicationHost.Config 文件中,以解决此问题。
推荐阅读
- php - 将 Active Campaign 连接到数据库的更简单方法是什么?
- google-analytics - 使用 Google 分析知道当发生特定错误时用户会做什么?
- android - 如何隐藏textview文本
- typescript - 带有通用键的打字稿界面
- javascript - 如何使用javascript在不同的文本字段中显示多个输入值
- c# - CefSharp - 如何从开发者工具的源选项卡中实现另存为
- c# - 我将如何使我从其他页面入队的对象出列
- python - 如何将旧数据框中的数据附加到新的空白数据框中
- python - 如何使用 Python 处理 Spark Dataframe 中的 NullType?
- java - Spring自定义访问被拒绝处理程序不起作用