ASP.NET MVC - HTTP 身份验证提示 [英] ASP.NET MVC - HTTP Authentication Prompt
问题描述
是否可以让我的应用程序在呈现视图之前询问用户名和密码提示?就像在 twitter API 上获取有关您帐户的信息一样:
Is it possible to make my application ask for username and password prompting for it before render a view? Just like on twitter API to get information about your account:
http://twitter.com/account/verify_credentials.xml
所以在渲染视图之前 ||文件它要求您插入您的用户名和密码,我认为这是直接在服务器上进行的,因为 curl 请求基于 username:password 以及如下所示:
So before render the view || file it asks you to insert you username and password, I think this is made directly on the server since the curl request is based on username:password as well like this:
curl -u user:password http://twitter.com/account/verify_credentials.xml
当我尝试按照相同的结构构建 API 时,我想知道如何在 ASP.NET MVC C# 上执行此操作.我已经在 ruby rails 上使用过它,它非常简单,例如:
As I'm trying to build an API following the same structure I would like to know how I can do this on ASP.NET MVC C#. I've already used this on ruby rails and its pretty simple like:
before_filter :authenticate
def authenticate
authenticate_or_request_with_http_basic do |username, password|
username == "foo" && password == "bar"
end
我不认为 [Authorize] 过滤器是一样的,因为我相信它只是一个重定向,并将您重定向到基于帐户数据库的帐户内部控制器,在这种情况下,我将使用另一个数据库,特别是来自网络服务的数据库,并在提交信息后进行验证.但我需要采取行动来要求用户并根据其请求传递凭据.
I don't think that [Authorize] filter is the same since I believe it's just a redirection, and it redirects you to the Accounts Internal Controller that is based on the accounts database, in this case I will use another database, specifically from a webservice and do the validation after the information is submitted. But I need the action to require the user and pass credentials on its request.
提前致谢
更新:
实际上是请求一个需要这个认证的页面(即推特)我必须根据它的要求声明这一点
Actually to request a page that requires this authentication (i.e. Twitter) I would have to declare this on its request
request.Credentials = new NetworkCredential("username", "password");
这将反映提示的用户名和密码.
And this would reflect that prompted username and password.
所以,这是完全相同的事情,但从另一方面来说,如果可以根据请求向身份验证提示提供信息,我如何要求此身份验证而是请求?
So, it's exactly the same thing but from the other side, if it's possible to provide information to the authentication prompt on request, how could I require this authentication on the request instead?
所以每次有人试图向我的应用程序发出请求时:
So everytime somebody tries to make a request to my application on example:
http://myapplication/clients/verify_credentials
它应该在服务器提示下要求输入用户名和密码因此,例如要检索有关 curl 的信息,它会像这样
it should ask for a username and password with that server prompt so to retrive information on curl for example it would be like this
curl -u user:password http://myapplication/clients/verify_credentials
推荐答案
好吧,要要求基本身份验证,您需要返回 401 状态代码.但是这样做会导致当前的身份验证模块执行其默认的未授权处理程序(对于表单身份验证,这意味着重定向到登录页面).
Well, to require basic authentication you need to return 401 status code. But doing that will cause the current authentication module to execute its default unauthorized handler (for forms authentication, this means redirecting to login page).
我编写了一个 ActionFilterAttribte 来看看当 web.config 中没有安装身份验证模块时我是否可以获得您想要的行为.
I wrote an ActionFilterAttribte to see if I can get the behaviour you want when there's no authentication module installed in web.config.
public class RequireBasicAuthentication : ActionFilterAttribute {
public override void OnActionExecuting(ActionExecutingContext filterContext) {
var req = filterContext.HttpContext.Request;
if (String.IsNullOrEmpty(req.Headers["Authorization"])) {
var res = filterContext.HttpContext.Response;
res.StatusCode = 401;
res.AddHeader("WWW-Authenticate", "Basic realm="Twitter"");
res.End();
}
}
}
和控制器动作:
[RequireBasicAuthentication]
public ActionResult Index() {
var cred = System.Text.ASCIIEncoding.ASCII
.GetString(Convert.FromBase64String(
Request.Headers["Authorization"].Substring(6)))
.Split(':');
var user = new { Name = cred[0], Pass = cred[1] };
return Content(String.Format("user:{0}, password:{1}",
user.Name, user.Pass));
}
该操作成功打印了我输入的用户名和密码.但我真的怀疑这是做到这一点的最佳方式.除了这样要求用户名和密码,你别无选择吗?
That action successfully prints the username and password I enter. But I really doubt that's the best way to do this. Do you have no choice except asking for username and password this way?
这篇关于ASP.NET MVC - HTTP 身份验证提示的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
