为什么 Web API 请求的主体会被读取一次? [英] Why is the body of a Web API request read once?

问题描述

我的目标是使用 AuthorizationFilter 或 DelegatingHandler 对 Web API 请求进行身份验证.我想在几个地方查找客户端 ID 和身份验证令牌，包括请求正文.起初看起来这很容易，我可以做这样的事情

My goal is to authenticate Web API requests using a AuthorizationFilter or DelegatingHandler. I want to look for the client id and authentication token in a few places, including the request body. At first it seemed like this would be easy, I could do something like this

var task = _message.Content.ReadAsAsync<Credentials>();

task.Wait();

if (task.Result != null)
{
    // check if credentials are valid
}

问题是 HttpContent 只能读取一次.如果我在处理程序或过滤器中执行此操作，那么在我的操作方法中我将无法使用该内容.我在 StackOverflow 上找到了一些答案，例如:Read HttpContent inWebApi 控制器 解释说这是故意这样的，但他们没有说为什么.这似乎是一个非常严重的限制，阻止我在过滤器或处理程序中使用任何很酷的 Web API 内容解析代码.

The problem is that the HttpContent can only be read once. If I do this in a Handler or a Filter then the content isn't available for me in my action method. I found a few answers here on StackOverflow, like this one: Read HttpContent in WebApi controller that explain that it is intentionally this way, but they don't say WHY. This seems like a pretty severe limitation that blocks me from using any of the cool Web API content parsing code in Filters or Handlers.

这是技术限制吗?它是否试图阻止我做一件我没有看到的非常糟糕的事情(tm)?

Is it a technical limitation? Is it trying to keep me from doing a VERY BAD THING(tm) that I'm not seeing?

事后调查:

我查看了 Filip 建议的来源.ReadAsStreamAsync 返回内部流并且没有什么可以阻止您调用 Seek 如果流支持它.在我的测试中，如果我调用 ReadAsAsync 然后这样做:

I took a look at the source like Filip suggested. ReadAsStreamAsync returns the internal stream and there's nothing stopping you from calling Seek if the stream supports it. In my tests if I called ReadAsAsync then did this:

message.Content.ReadAsStreamAsync().ContinueWith(t => t.Result.Seek(0, SeekOrigin.Begin)).Wait();

自动模型绑定过程在遇到我的操作方法时会正常工作.不过我没有使用它，我选择了更直接的东西:

The automatic model binding process would work fine when it hit my action method. I didn't use this though, I opted for something more direct:

var buffer = new MemoryStream(_message.Content.ReadAsByteArrayAsync().WaitFor());
var formatters = _message.GetConfiguration().Formatters;
var reader = formatters.FindReader(typeof(Credentials), _message.Content.Headers.ContentType);
var credentials = reader.ReadFromStreamAsync(typeof(Credentials), buffer, _message.Content, null).WaitFor() as Credentials;

使用扩展方法(我在 .NET 4.0 中，没有 await 关键字)

With an extension method (I'm in .NET 4.0 with no await keyword)

public static class TaskExtensions
{
    public static T WaitFor<T>(this Task<T> task)
    {
        task.Wait();
        if (task.IsCanceled) { throw new ApplicationException(); }
        if (task.IsFaulted) { throw task.Exception; }
        return task.Result;
    }
}

最后一个问题，HttpContent 有一个硬编码的最大缓冲区大小:

One last catch, HttpContent has a hard-coded max buffer size:

internal const int DefaultMaxBufferSize = 65536;

因此，如果您的内容要大于该值，您需要在尝试调用 ReadAsByteArrayAsync 之前手动调用更大的 LoadIntoBufferAsync.

So if your content is going to be bigger than that you'll need to manually call LoadIntoBufferAsync with a larger size before you try to call ReadAsByteArrayAsync.

推荐答案

您指出的答案并不完全准确.

The answer you pointed to is not entirely accurate.

您始终可以读取为字符串 (ReadAsStringAsync) 或字节 [] (ReadAsByteArrayAsync)，因为它们在内部缓冲请求.

You can always read as string (ReadAsStringAsync)or as byte[] (ReadAsByteArrayAsync) as they buffer the request internally.

例如下面的虚拟处理程序:

For example the dummy handler below:

public class MyHandler : DelegatingHandler
{
    protected override async System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
    {
        var body = await request.Content.ReadAsStringAsync();
        //deserialize from string i.e. using JSON.NET

        return base.SendAsync(request, cancellationToken);
    }
}

同样适用于字节[]:

public class MessageHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var requestMessage = await request.Content.ReadAsByteArrayAsync();
        //do something with requestMessage - but you will have to deserialize from byte[]

        return base.SendAsync(request, cancellationToken);
    }
}

当它到达控制器时，每个都不会导致发布的内容为空.

Each will not cause the posted content to be null when it reaches the controller.

这篇关于为什么 Web API 请求的主体会被读取一次?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！