ASP.NET MVC - HTTP验证提示 [英] ASP.NET MVC - HTTP Authentication Prompt

问题描述

是否有可能使我的申请要求提供用户名和密码提示之前渲染的看法？
就像在Twitter API来获取您的帐户信息：

<一个href=\"http://twitter.com/account/verify%5Fcredentials.xml\">http://twitter.com/account/verify%5Fcredentials.xml

所以在渲染视图||文件，它会要求你插入你的用户名和密码，我想既然卷曲请求是基于用户名这是直接在服务器上：密码以及类似这样的：

 卷曲-u用户名：密码http://twitter.com/account/verify_credentials.xml
 

由于我试图打造继相同的结构，我想知道我可以在ASP.NET MVC C＃这样做的API。我已经用这个上轨的红宝石和pretty简单，如：

 的before_filter：认证高清认证
    authenticate_or_request_with_http_basic做|用户名，密码|
    用户名==富与功放;＆安培;密码==栏
结束
 

我不认为[授权]过滤器是一样的，因为我相信这只是一个重定向，
它会将您重定向到帐户内部控制器是基于帐户数据库，在这种情况下，我会使用其他数据库，专门从互联网服务和信息提交后做验证。
但我需要的行动，需要用户和传递其请求凭据。

在此先感谢

---

更新：

其实，请求需要此认证页面（即微博）
我会宣布这个作为要求

  request.Credentials =新的NetworkCredential（用户名，密码）;
 

，这将反映提示用户名和密码。

所以，这是完全一样的事情，但是从另外一个方面，如果有可能的提供的信息，要求认证的提示，我怎么可以在要求此认证而不是请求？

所以每次有人试图让我的示例应用程序的请求：

<一个href=\"http://myapplication/clients/verify%5Fcredentials\">http://myapplication/clients/verify%5Fcredentials

这应该要求与服务器提示用户名和密码
所以以检索上的卷曲信息，例如，它会是这样

 卷曲-u用户名：密码的http：//为MyApplication /客户/ verify_credentials
 

解决方案

好了，要求你需要返回401状态code基本身份验证。但这样做将导致当前的认证模块来执行它的默认擅自处理程序（表单认证，这意味着重定向到登录页面）。

我写了 ActionFilterAttribte 来看看，如果我能得到你想要的行为时，有安装在的web.config 。

 公共类RequireBasicAuthentication：ActionFilterAttribute {
   公共覆盖无效OnActionExecuting（ActionExecutingContext filterContext）{
       VAR REQ = filterContext.HttpContext.Request;
       如果（String.IsNullOrEmpty（req.Headers [授权]））{
           VAR解析度= filterContext.HttpContext.Response;
           res.Status code = 401;
           res.AddHeader（WWW身份验证，基本境界= \\微博\\）;
           重发（）;
       }
   }
}
 

和控制器动作：

  [RequireBasicAuthentication]
公众的ActionResult指数（）{
    VAR CRED = System.Text.ASCIIEncoding.ASCII
            .GetString（Convert.FromBase64String（
            Request.Headers [授权。子串（6）））
            。分裂（'：'）;
    VAR用户=新的{名称= CRED [0]，通= CRED [1]};
    返回内容（的String.Format（用户：{0}，密码为：{1}，
        user.Name，user.Pass））;
}
 

这是行动成功打印我输入用户名和密码。但我真的怀疑这是做到这一点的最好办法。你有没有选择除了要求用户名和密码，这种方式？

Is it possible to make my application ask for username and password prompting for it before render a view? Just like on twitter API to get information about your account:

http://twitter.com/account/verify%5Fcredentials.xml

So before render the view || file it asks you to insert you username and password, I think this is made directly on the server since the curl request is based on username:password as well like this:

curl -u user:password http://twitter.com/account/verify_credentials.xml

As I'm trying to build an API following the same structure I would like to know how I can do this on ASP.NET MVC C#. I've already used this on ruby rails and its pretty simple like:

before_filter :authenticate

def authenticate
    authenticate_or_request_with_http_basic do |username, password|
    username == "foo" && password == "bar"
end

I don't think that [Authorize] filter is the same since I believe it's just a redirection, and it redirects you to the Accounts Internal Controller that is based on the accounts database, in this case I will use another database, specifically from a webservice and do the validation after the information is submitted. But I need the action to require the user and pass credentials on its request.

Thanks in advance

---

UPDATE:

Actually to request a page that requires this authentication (i.e. Twitter) I would have to declare this on its request

request.Credentials = new NetworkCredential("username", "password");

And this would reflect that prompted username and password.

So, it's exactly the same thing but from the other side, if it's possible to provide information to the authentication prompt on request, how could I require this authentication on the request instead?

So everytime somebody tries to make a request to my application on example:

http://myapplication/clients/verify%5Fcredentials

it should ask for a username and password with that server prompt so to retrive information on curl for example it would be like this

curl -u user:password http://myapplication/clients/verify_credentials

解决方案

Well, to require basic authentication you need to return 401 status code. But doing that will cause the current authentication module to execute its default unauthorized handler (for forms authentication, this means redirecting to login page).

I wrote an ActionFilterAttribte to see if I can get the behaviour you want when there's no authentication module installed in web.config.

public class RequireBasicAuthentication : ActionFilterAttribute {
   public override void OnActionExecuting(ActionExecutingContext filterContext) {
       var req = filterContext.HttpContext.Request;
       if (String.IsNullOrEmpty(req.Headers["Authorization"])) {
           var res = filterContext.HttpContext.Response;
           res.StatusCode = 401;
           res.AddHeader("WWW-Authenticate", "Basic realm=\"Twitter\"");
           res.End();
       }
   }
}

And the controller action :

[RequireBasicAuthentication]
public ActionResult Index() {
    var cred = System.Text.ASCIIEncoding.ASCII
            .GetString(Convert.FromBase64String(
            Request.Headers["Authorization"].Substring(6)))
            .Split(':');
    var user = new { Name = cred[0], Pass = cred[1] };
    return Content(String.Format("user:{0}, password:{1}", 
        user.Name, user.Pass));
}

That action successfully prints the username and password I enter. But I really doubt that's the best way to do this. Do you have no choice except asking for username and password this way?

这篇关于ASP.NET MVC - HTTP验证提示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！