来自授权处理程序类的授权错误

问题描述:

当我调用 api/values 时,似乎无法登录。客户端抛出“Authorization has been denied for this request.”(授权已被拒绝此请求)信息。该授权错误来自授权处理程序类。

我试着调试 basicAuthHandler 类,但它似乎没有在任何地方崩溃,所以我有点卡住了,不知道该如何定位这个问题。

问题会不会出在我的 validate 方法上,或者出在 global.aspx 中对构造函数的调用上?

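/// <summary>
/// Message handler that reads HTTP Basic credentials from the Authorization header and, when the
/// repository accepts them, sets <see cref="Thread.CurrentPrincipal"/> before the request continues.
/// </summary>
/// <remarks>
/// Requests without usable credentials are still forwarded unchanged; this handler only adds the
/// WWW-Authenticate challenge to a 401 produced further down the pipeline.
/// Basic credentials are base64-encoded, not encrypted, so the endpoint should only be reachable
/// over TLS.
/// </remarks>
public class BasicAuthMessageHandler : DelegatingHandler
{
    private const string BasicAuthResponseHeader = "WWW-Authenticate";
    private const string BasicAuthResponseHeaderValue = "Basic";

    //[Inject]
    //public iUser Repository { get; set; }

    // private readonly iUser Repository;

    private readonly iUser Repository = new User();

    /// <summary>
    /// Authenticates the request if it carries Basic credentials, then forwards it and adds the
    /// Basic challenge header to any 401 response that does not already have one.
    /// </summary>
    /// <param name="request">Incoming request whose Authorization header is inspected.</param>
    /// <param name="cancellationToken">Token passed through to the inner handler.</param>
    /// <returns>The response produced by the inner handler.</returns>
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue authValue = request.Headers.Authorization;

        // Only the Basic scheme carries base64("user:password"); the parameter of any other
        // scheme must not be interpreted as credentials. Scheme names are case-insensitive.
        if (authValue != null
            && string.Equals(authValue.Scheme, BasicAuthResponseHeaderValue, StringComparison.OrdinalIgnoreCase)
            && !String.IsNullOrWhiteSpace(authValue.Parameter))
        {
            api_login parsedCredentials = ParseAuthorizationHeader(authValue.Parameter);
            if (parsedCredentials != null)
            {
                IPrincipal principal;
                if (TryGetPrincipal(parsedCredentials.username, parsedCredentials.password, out principal))
                {
                    Thread.CurrentPrincipal = principal;
                    // NOTE(review): depending on the hosting model the principal may also have to be
                    // set on the host/request context for authorization filters to see it; confirm.
                    //request.GetRequestContext().Principal = principal;
                }
            }
        }

        return base.SendAsync(request, cancellationToken).ContinueWith(task =>
        {
            // task.Result rethrows (wrapped in AggregateException) if the inner handler faulted.
            var response = task.Result;
            if (response.StatusCode == HttpStatusCode.Unauthorized && !response.Headers.Contains(BasicAuthResponseHeader))
            {
                response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
            }

            return response;
        });
    }

    /// <summary>
    /// Decodes the base64 parameter of a Basic Authorization header into user name and password.
    /// </summary>
    /// <param name="authHeader">The header parameter (the part after the scheme).</param>
    /// <returns>
    /// The parsed credentials, or <c>null</c> when the value is not valid base64 or does not
    /// contain a non-empty user name and a non-empty password.
    /// </returns>
    private api_login ParseAuthorizationHeader(string authHeader)
    {
        byte[] raw;
        try
        {
            raw = Convert.FromBase64String(authHeader);
        }
        catch (FormatException)
        {
            // The header is client-controlled: malformed base64 means "no usable credentials",
            // not an unhandled exception in the pipeline.
            return null;
        }

        string decoded = Encoding.ASCII.GetString(raw);

        // Split on the first colon only, so that passwords containing ':' are not rejected.
        int separator = decoded.IndexOf(':');
        if (separator <= 0 || separator == decoded.Length - 1) return null;

        return new api_login()
        {
            username = decoded.Substring(0, separator),
            password = decoded.Substring(separator + 1),
        };
    }

    /// <summary>
    /// Validates the credentials against the repository and builds a principal on success.
    /// </summary>
    /// <param name="userName">User name taken from the Authorization header.</param>
    /// <param name="password">Password taken from the Authorization header.</param>
    /// <param name="principal">The authenticated principal, or <c>null</c> on failure.</param>
    /// <returns><c>true</c> when the repository accepted the credentials; otherwise <c>false</c>.</returns>
    private bool TryGetPrincipal(string userName, string password, out IPrincipal principal)
    {
        // Data access belongs in the repository (or a separate layer); this method only maps its
        // result to an IPrincipal.
        // NOTE(review): assumes Validate2 signals rejected credentials with null or with a null
        // username; confirm against the repository implementation.
        api_login user = Repository.Validate2(userName, password);

        if (user != null && user.username != null)
        {
            // No roles are assigned here (null role list).
            principal = new GenericPrincipal(new GenericIdentity(user.username), null);

            // Without this return the method fell through and reported failure for every user.
            return true;
        }

        principal = null;
        return false;
    }
}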
} 

global.aspx:

// Register the handler on the global configuration's message-handler collection.
var basicAuthHandler = new BasicAuthMessageHandler();
GlobalConfiguration.Configuration.MessageHandlers.Add(basicAuthHandler);

如能提供任何帮助,我将不胜感激。谢谢。

我认为你的代码没有正确处理响应。我在你的代码基础上写了一个用于 Basic Authentication 的 MessageHandler,希望能给你一些思路(我没有测试过),见下文:

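/// <summary>
/// Message handler that requires valid HTTP Basic credentials on every request: requests that fail
/// authentication are answered with 401 and a Basic challenge and never reach the inner handler.
/// </summary>
/// <remarks>
/// Because missing credentials are rejected here, no route behind this handler can be called
/// anonymously. Basic credentials are base64-encoded, not encrypted, so the endpoint should only
/// be reachable over TLS.
/// </remarks>
public class BasicAuthMessageHandler : DelegatingHandler
{
    private const string BasicAuthResponseHeader = "WWW-Authenticate";
    private const string BasicAuthResponseHeaderValue = "Basic";
    //[Inject]
    //public iUser Repository { get; set; }
    // private readonly iUser Repository;
    private readonly iUser Repository = new User();

    /// <summary>
    /// Validates the Basic credentials of the request and forwards it with the principal set,
    /// or short-circuits with a 401 response.
    /// </summary>
    /// <param name="request">Incoming request whose Authorization header is inspected.</param>
    /// <param name="cancellationToken">Token passed through to the inner handler.</param>
    /// <returns>The inner handler's response, or a 401 response with a Basic challenge.</returns>
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue authValue = request.Headers.Authorization;

        // Scheme names are case-insensitive. A header with no parameter would otherwise reach
        // Convert.FromBase64String as null and throw.
        if (authValue == null
            || !string.Equals(authValue.Scheme, BasicAuthResponseHeaderValue, StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrWhiteSpace(authValue.Parameter))
        {
            return Unauthorized(request);
        }

        string decoded;
        try
        {
            decoded = Encoding.ASCII.GetString(Convert.FromBase64String(authValue.Parameter));
        }
        catch (FormatException)
        {
            // The header is client-controlled: malformed base64 is an authentication failure,
            // not an unhandled exception.
            return Unauthorized(request);
        }

        // Split on the first colon only, so that passwords containing ':' are not rejected.
        int separator = decoded.IndexOf(':');
        if (separator <= 0 || separator == decoded.Length - 1)
        {
            return Unauthorized(request);
        }

        // NOTE(review): assumes Validate2 signals rejected credentials with null or with a null
        // username; confirm against the repository implementation.
        api_login user = Repository.Validate2(decoded.Substring(0, separator), decoded.Substring(separator + 1));
        if (user == null || user.username == null)
        {
            return Unauthorized(request);
        }

        // No roles are assigned here (null role list).
        IPrincipal principal = new GenericPrincipal(new GenericIdentity(user.username, BasicAuthResponseHeaderValue), null);
        Thread.CurrentPrincipal = principal;

        // HttpContext.Current is null when there is no ASP.NET request context (for example
        // when self-hosted), so guard before assigning.
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }

        return base.SendAsync(request, cancellationToken);
    }

    /// <summary>
    /// Builds an already-completed task holding a 401 response with the Basic challenge header.
    /// </summary>
    /// <param name="request">The request the response is created for.</param>
    /// <returns>A completed task whose result is the 401 response.</returns>
    private Task<HttpResponseMessage> Unauthorized(HttpRequestMessage request)
    {
        var response = request.CreateResponse(HttpStatusCode.Unauthorized);
        response.Headers.Add(BasicAuthResponseHeader, BasicAuthResponseHeaderValue);
        var task = new TaskCompletionSource<HttpResponseMessage>();
        task.SetResult(response);
        return task.Task;
    }
}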

非常感谢。这是一个真正的帮助。 = d – user3070072