Fen*_*ton 9 authorization asp.net-web-api
我有一个BasicAuthenticationAttribute检查请求中的Authorization标头但是尽管它存在,它仍然认为Authorization标头为null:
public class BasicAuthenticationAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
if (actionContext.Request.Headers.Authorization == null)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
...
如果我检查actionContext.Request.Headers我可以看到Authorization列出:
{Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-gb
Authorization: REDACTED_BUT_PRESENT==
Host: localhost:44300
Referer: https://localhost:44300/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
}
更新
我刚刚检查了完整的请求标头,它们看起来像这样......我可以看到第一部分中的Authorization标头,但第二部分中的Authorization标头显然为null.
request.Headers
{Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-gb
Authorization: REDACTED_BUT_PRESENT==
Host: localhost:1734
Referer: http://localhost:1734/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
}
base {System.Net.Http.Headers.HttpHeaders}: {Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-gb
Authorization: VXNlcjpQYXNzd29yZA==
Host: localhost:1734
Referer: http://localhost:1734/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
}
Accept: {*/*}
AcceptCharset: {}
AcceptEncoding: {gzip, deflate}
AcceptLanguage: {en-gb}
Authorization: null
CacheControl: null
... removed for brevity ...
Warning: {}
Fen*_*ton 10
如果您对此感到困惑,可以使用以下命令获取标题:
var header = request.Headers.FirstOrDefault(h => h.Key.Equals("Authorization"));
但不是通过
var header = request.Headers.Authorization;
我注意到自己,如果Authorization-header只包含密钥/令牌,那么request.Headers.Authorization就不能正确启动它,因为它也在寻找格式的方案<Scheme> <key/token>,即Authorization: Token VXNlcjpQYXNzd29yZA==,那么Authorization它将不再为null并包含request.Headers.Authorization.Scheme = "Token"和request.Headers.Authorization.Parameter = "VXNlcjpQYXNzd29yZA=="
我发布了自己的基本身份验证属性示例.也许这会给你一些提示.
我用:
HttpContext.Current.Request.Headers["Authorization"];
以下是完整解决方案的链接:
http://remy.supertext.ch/2012/04/basic-http-authorization-for-web-api-in-mvc-4-beta/
| 归档时间: |
|
| 查看次数: |
19296 次 |
| 最近记录: |