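c# - Why is basic authentication not working in a C# Web API
Problem description
I wrote code to implement basic authentication in my C# ASP.NET Framework project, but it is not working. The web API does not ask for authentication when it is called. Without an authentication request header it should return 401 (Unauthorized), but it returns the result instead.
Here is the code I wrote. Please let me know what I missed.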
BasicAuthenticationAttribute.cs
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class BasicAuthenticationAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // No Authorization header at all: answer 401.
        if (actionContext.Request.Headers.Authorization == null)
        {
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }
        else
        {
            // The header parameter is expected to be Base64("username:password").
            string authenticationToken = actionContext.Request.Headers.Authorization.Parameter;
            string decodedAuthenticationToken = Encoding.UTF8.GetString(Convert.FromBase64String(authenticationToken));
            string[] usernamePasswordArray = decodedAuthenticationToken.Split(':');
            string username = usernamePasswordArray[0];
            string password = usernamePasswordArray[1];
            if (EmployeeSecurity.Login(username, password))
            {
                // Valid credentials: attach an identity for the rest of the request.
                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(username), null);
            }
            else
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            }
        }
    }
}
EmployeeSecurity.cs
using System;
using System.Linq;

namespace OfficeTest
{
    public class EmployeeSecurity
    {
        // Returns true when a user row matches the user name (case-insensitive)
        // and the password exactly.
        public static bool Login(string username, string password)
        {
            using (EmployeeDBEntities entities = new EmployeeDBEntities())
            {
                return entities.Users.Any(u => u.Username.Equals(username, StringComparison.OrdinalIgnoreCase)
                    && u.Password.Equals(password));
            }
        }
    }
}
WebApiConfig.cs
using System.Web.Http;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        config.Filters.Add(new AuthorizeAttribute());
        config.Filters.Add(new BasicAuthenticationAttribute());
        // To restrict access for every Web API controller globally
        // Web API routes
        config.MapHttpAttributeRoutes();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );
    }
}
OfficeController.cs
using System.Collections.Generic;
using System.Web.Http;

[BasicAuthentication]
public class OfficeController : ApiController
{
    private readonly IDataRepository<Employee> _dataRepository;

    public OfficeController(IDataRepository<Employee> dataRepository)
    {
        _dataRepository = dataRepository;
    }

    // GET api/Office: returns every employee.
    public IEnumerable<Employee> Get()
    {
        return _dataRepository.GetAll();
    }
}
Note: public override void OnAuthorization(HttpActionContext actionContext) is not being called. My endpoint is "https://localhost:44309/api/Office"
My response is:
<ArrayOfEmployee xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.datacontract.org/2004/07/EmployeeDataAccess">
<Employee>
<DOB>2002-02-02T00:00:00</DOB>
<department>Developer</department>
<empId>1</empId>
<firstName>Ainuddin</firstName>
<lastName>Khan</lastName>
<mobile>78349827953</mobile>
</Employee>
<Employee>
<DOB>2012-12-12T00:00:00</DOB>
<department>Analyst</department>
<empId>2</empId>
<firstName>Vishal</firstName>
<lastName>Maurya</lastName>
<mobile>783423827953</mobile>
</Employee>
<Employee>
<DOB>2002-02-02T00:00:00</DOB>
<department>Developer</department>
<empId>4</empId>
<firstName>Akbar</firstName>
<lastName>Khan</lastName>
<mobile>7825954</mobile>
</Employee>
<Employee>
<DOB>2002-02-02T00:00:00</DOB>
<department>Developer</department>
<empId>5</empId>
<firstName>Aslam</firstName>
<lastName>Khan</lastName>
<mobile>7828765954</mobile>
</Employee>
</ArrayOfEmployee>
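Added example, not part of the original post and not an explanation of why the filter is never invoked: a defensive way to read the Basic credential that a filter like the one in the question parses, covering a non-Basic scheme, a parameter that is not valid Base64, and a password that contains a colon. The names BasicCredentials and TryParse are assumptions made for this example.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;

// Hypothetical helper; the class and method names are assumptions, not from the post.
public static class BasicCredentials
{
    // Returns false (never throws) unless the header is a well-formed Basic credential.
    public static bool TryParse(AuthenticationHeaderValue header,
                                out string username, out string password)
    {
        username = null;
        password = null;
        // A missing header or another scheme (Bearer, Negotiate, ...) is not a Basic credential.
        if (header == null
            || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(header.Parameter))
            return false;

        byte[] raw;
        try { raw = Convert.FromBase64String(header.Parameter); }
        catch (FormatException) { return false; }   // parameter is not valid Base64

        // Split on the first colon only, because the password itself may contain ':'.
        string decoded = Encoding.UTF8.GetString(raw);
        int separator = decoded.IndexOf(':');
        if (separator <= 0) return false;            // no colon, or empty user name

        username = decoded.Substring(0, separator);
        password = decoded.Substring(separator + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample headers, not taken from the post.
        string token = Convert.ToBase64String(Encoding.UTF8.GetBytes("alice:pa:ss"));
        string noColon = Convert.ToBase64String(Encoding.UTF8.GetBytes("nocolon"));
        var samples = new[]
        {
            new AuthenticationHeaderValue("Basic", token),    // well formed, password contains ':'
            new AuthenticationHeaderValue("Bearer", token),   // wrong scheme
            new AuthenticationHeaderValue("Basic", "%%%"),    // not Base64
            new AuthenticationHeaderValue("Basic", noColon)   // no separator
        };
        foreach (var h in samples)
        {
            bool ok = TryParse(h, out string user, out string pass);
            Console.WriteLine($"{h.Scheme} {h.Parameter}: ok={ok} user={user}");
        }
    }
}
```

A filter that uses such a helper can answer 401 for every false result instead of letting a malformed header surface as an unhandled exception.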
Solution