Authentication filters: how to do an HTTP 401 with a message

Par*_*roX 5 c# asp.net authentication asp.net-web-api asp.net-web-api2

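I followed http://bitoftech.net/2014/12/15/secure-asp-net-web-api-using-api-key-authentication-hmac-authentication/ to do a custom authentication filter.

Everything works correctly, but I cannot get the server to say anything on a 401. It correctly gives the www-authenticate header and status code 401, but no content/body.

I tried using the AuthenticationFailureResult from http://www.asp.net/web-api/overview/security/authentication-filters but it did not help. I converted my AuthenticateAsync to async and ignored the await warning.

This is my current workaround; the code in the comment is what I would rather be able to do, mostly because it uses whatever formatter: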

//request.CreateResponse(HttpStatusCode.Unauthorized, new { Error = true, Message = "Token is invalid" });
HttpContext.Current.Response.ContentType = "application/json";
HttpContext.Current.Response.Write("{ \"Error\": true, \"Message\": \"Token is invalid\" }");
context.ErrorResult = new UnauthorizedResult(new AuthenticationHeaderValue[0], request);

Vov*_*ova 10

There are two options to do this: quick but brutal, and longer but more elegant.

A. Modify the HttpResponse directly:

HttpContext.Current.Response.StatusCode = 401;
HttpContext.Current.Response.Write("some content");

B. Implement IHttpActionResult and set the Content property of the HttpResponseMessage in that class:

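using System.Net;
using System.Net.Http;
using System.Net.Http.Formatting;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

public class AuthenticationFailureResult : IHttpActionResult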
{
    public AuthenticationFailureResult(object jsonContent, HttpRequestMessage request)
    {
        JsonContent = jsonContent;
        Request = request;
    }

    public HttpRequestMessage Request { get; private set; }

    public Object JsonContent { get; private set; }

    public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
    {
        return Task.FromResult(Execute());
    }

    private HttpResponseMessage Execute()
    {
        HttpResponseMessage response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        response.RequestMessage = Request;
        response.Content = new ObjectContent(JsonContent.GetType(), JsonContent, new JsonMediaTypeFormatter());
        return response;
    }
}

Then you will be able to use it like this:

context.ErrorResult = new AuthenticationFailureResult(new { Error = true, Message = "Token is invalid" }, request);

Note: If you want to use anonymous types for JsonContent, make sure AuthenticationFailureResult is implemented in the same library.
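
A variant of option B that builds the body through content negotiation, which is what the commented-out request.CreateResponse line in the question was after, and sets the WWW-Authenticate header on the same response. This is an added example, not code from the question or the answer; the class names, the "ApiKey" scheme name, the "api-client" identity and the IsValid hook are hypothetical.

```csharp
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Filters;

// Hypothetical names: NegotiatedUnauthorizedResult, ApiKeyAuthFilterBase, "ApiKey".
public class NegotiatedUnauthorizedResult : IHttpActionResult
{
    private readonly HttpRequestMessage _request;
    private readonly string _scheme;

    public NegotiatedUnauthorizedResult(HttpRequestMessage request, string scheme)
    { _request = request; _scheme = scheme; }

    public Task<HttpResponseMessage> ExecuteAsync(CancellationToken cancellationToken)
    {
        // CreateResponse runs content negotiation, so the body follows the Accept header.
        // HttpError works with the JSON and XML formatters; anonymous types do not work with XML.
        // One generic message for every failure: do not reveal which check failed.
        HttpResponseMessage response = _request.CreateResponse(
            HttpStatusCode.Unauthorized, new HttpError("Token is invalid"));
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(_scheme));
        return Task.FromResult(response);
    }
}

public abstract class ApiKeyAuthFilterBase : System.Attribute, IAuthenticationFilter
{
    public bool AllowMultiple { get { return false; } }

    // Supplied by the application (assumption), e.g. the HMAC check from the linked article.
    protected abstract bool IsValid(string parameter);

    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        // Design choice of this example: missing and invalid credentials are both rejected here.
        AuthenticationHeaderValue auth = context.Request.Headers.Authorization;
        if (auth == null || auth.Scheme != "ApiKey" || !IsValid(auth.Parameter))
            context.ErrorResult = new NegotiatedUnauthorizedResult(context.Request, "ApiKey");
        else
            context.Principal = new GenericPrincipal(new GenericIdentity("api-client"), new string[0]);
        return Task.FromResult(0);
    }

    // The error result above already carries WWW-Authenticate, so there is nothing to add.
    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
    { return Task.FromResult(0); }
}
```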