Simplest way to add Basic authentication to web.config with user/pass

Problem description

I'm setting up an Azure API Management with an ASP.NET WebApi 2 app behind it. API Management recommends setting up Basic auth between the API Management proxy and the ASP.NET WebApi to make sure the WebApi is only accessible through the API Management proxy.

(Of course OAuth tokens will be still sent with requests for the "real" authentication, but I'll add that later.)

With this in mind, I don't really want to implement the Basic auth in the application, I would like to have it handled by IIS exclusively, via Web.config.

Question: How do I set up Web.config to do Basic authentication with a username/password stored in Web.config?

What I've tried:

I tried to follow this article Apply ASP.NET Authentication and Authorization Rules to Static Content with IIS 7.0's Integrated Pipeline Feature but didn't have much luck.

This question is unanswered, but they probably ask for similar thing: web.config single user basic auth

Other answers I found here include adding the authentication inside the application which I don't want to do.

Here is my Web.config:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
    <section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=6.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false"/>
  </configSections>
  <appSettings configSource="bin\debug-appSettings.config"/>
  <connectionStrings configSource="bin\debug-connectionStrings.config"/>
  <system.web>
    <compilation targetFramework="4.5.2"/>
    <httpRuntime targetFramework="4.5.2"/>
    <authentication mode="Forms">
      <forms>
        <credentials passwordFormat="Clear">
          <user name="test" password="test" />
        </credentials>
      </forms>
    </authentication>
    <authorization>
      <allow users="test" />
      <deny users="*" />
    </authorization>
  </system.web>
  <system.webServer>
    <handlers>
      <remove name="ExtensionlessUrlHandler-Integrated-4.0"/>
      <remove name="OPTIONSVerbHandler"/>
      <remove name="TRACEVerbHandler"/>
      <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0"/>
    </handlers>
    <modules>
      <remove name="FormsAuthenticationModule" />
      <add name="FormsAuthenticationModule" type="System.Web.Security.FormsAuthenticationModule" />
      <remove name="UrlAuthorization" />
      <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" />
    </modules>
    <security>
      <authentication>
        <basicAuthentication enabled="true" />
      </authentication>
    </security>
  </system.webServer>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.Azure.AppService.ApiApps.Service" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-0.9.64.0" newVersion="0.9.64.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed"/>
        <bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="MiniProfiler" publicKeyToken="b44f9351044011a3" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-3.2.0.157" newVersion="3.2.0.157"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-4.0.20622.1351" newVersion="4.0.20622.1351"/>
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.WindowsAzure.Storage" publicKeyToken="31bf3856ad364e35" culture="neutral"/>
        <bindingRedirect oldVersion="0.0.0.0-6.1.0.0" newVersion="6.1.0.0"/>
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
  <entityFramework>
    <defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
      <parameters>
        <parameter value="mssqllocaldb"/>
      </parameters>
    </defaultConnectionFactory>
    <providers>
      <provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer"/>
    </providers>
  </entityFramework>
</configuration>

I send a request with PostMan with the following headers:

Authorization: Basic dGVzdDp0ZXN0
Content-Type: application/json

But all I get is the 401.1 page by IIS.

What am I missing?

Recommended answer

I ended up implementing BasicAuthentication as a HttpModule. I will update this answer later with the details.

NuGet package: https://www.nuget.org/packages/Hexasoft.BasicAuthentication

Source: https://github.com/hexasoftuk/Hexasoft.BasicAuthentication
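
The HttpModule approach the answer describes, as an added example (not the Hexasoft.BasicAuthentication source and not code from the original post): it checks the `Authorization: Basic` header against a user/password held in appSettings. The class name, the `BasicAuth.User` / `BasicAuth.Password` keys and the realm string are assumptions.

```csharp
using System;
using System.Configuration;
using System.Security.Principal;
using System.Text;
using System.Web;

// Added example: hypothetical module, not the Hexasoft.BasicAuthentication code.
public sealed class ConfigBasicAuthModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.AuthenticateRequest += (s, e) => Authenticate(((HttpApplication)s).Context);
    }
    public void Dispose() { }

    private static void Authenticate(HttpContext ctx)
    {
        // Assumed appSettings keys; keep the real values out of source control.
        string user = ConfigurationManager.AppSettings["BasicAuth.User"];
        string pass = ConfigurationManager.AppSettings["BasicAuth.Password"];
        string supplied;
        if (!string.IsNullOrEmpty(user) && !string.IsNullOrEmpty(pass) &&
            TryDecode(ctx.Request.Headers["Authorization"], out supplied) &&
            FixedTimeEquals(supplied, user + ":" + pass))
        {
            ctx.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), new string[0]);
            return;
        }
        // Fail closed: missing config, missing header, bad base64 or wrong secret.
        ctx.Response.StatusCode = 401;
        ctx.Response.AddHeader("WWW-Authenticate", "Basic realm=\"api\"");
        ctx.ApplicationInstance.CompleteRequest();
    }

    private static bool TryDecode(string header, out string credentials)
    {
        credentials = null;
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            return false;
        try { credentials = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); return true; }
        catch (FormatException) { return false; }
    }

    // Compares every byte so timing does not reveal how much of the secret matched.
    private static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && y.Length > 0; i++) diff |= x[i] ^ y[i % y.Length];
        return diff == 0;
    }
}
```

Register the type under `<system.webServer><modules>` and leave IIS's own `basicAuthentication` disabled: that IIS feature validates the header against Windows accounts, not against credentials stored in Web.config.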
