从具有集成 Windows 身份验证的 MVC 应用程序调用 Web API [英] Call Web API from MVC Application with Integrated Windows Authentication

问题描述

我有一个 MVC 应用程序和一个关联的 Web API 项目，它们都托管在 IIS 上的远程服务器上.它们共享同一个应用程序池.每当我尝试从 MVC 应用程序调用 Web API 时，我都会收到 403 错误，这似乎是由 HttpClientHandler 传递的错误凭据引起的.我有

I have an MVC Application and an associated Web API project that are both hosted on a remote server on IIS. They share the same application pool. Whenever I try to make a call to the Web API from the MVC Application I get a 403 error, which appears to be coming from bad credentials being passed by the HttpClientHandler. I have

UseDefaultCredentials = true 

我已经尝试设置

Credentials = CredentialCache.DefaultNetworkCredentials

但这些都不允许 API 请求通过.

but neither of these allows the API request to go through.

将应用程序池设置为使用我的 AD 用户名/密码允许所有 API 请求通过，并且还可以直接从 Postman 调用 API 正确返回数据.

Setting the Application Pool to use my AD Username/Password allows all API requests to go through, and also calling the API directly from Postman returns data properly.

我的假设是 IIS AppPool[Pool Name] 在请求中被转发，并且正确的凭据永远不会被传递.无论如何，是否可以在不使 API 不安全的情况下解决此问题(即只有几个域组应该能够访问它)?

My assumption is that IIS AppPool[Pool Name] is getting forwarded in the request, and the proper credentials are never passed. Is there anyway around this without making the API unsecure (I.e. only a couple of domain groups should be able to access it)?

我从 MVC 应用程序调用 API 的示例

Example of a call I'm making to the API from the MVC application

    public async Task<HttpResponseMessage> CreateIncident(Incident model)
    {
        using (var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }))
        {
            var newIncident = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, "application/json");
            var response = await client.PostAsync(hostUri, newIncident);
            return response;
        }
    }

推荐答案

您可以在此 GitHub 讨论页面上了解如何模拟已通过身份验证的 (windows) 用户:https://github.com/aspnet/Home/issues/1805

You can find out how to impersonate an already authenticated (windows) user at this GitHub discussion page: https://github.com/aspnet/Home/issues/1805

ilanc 有一个非常好的演示，底部有一个链接.

ilanc has a really good demo with a link towards the bottom.

这篇关于从具有集成 Windows 身份验证的 MVC 应用程序调用 Web API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！