MVC Redirect with custom headers


Question

Hopefully this is a simple question for someone out there.

Basically upon receiving a request to my MVC controller, I want to:


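  1. Add an Authorization header to the response

  2. Redirect to another application sitting on another domain

  3. Read the Authorization header at this external site.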

It appears the act of redirecting strips out all my custom headers and redirects.

My question, how can I add a new header, AND perform a redirect, AND have that header show up in the headers for the receiving host [at the end of the redirect] to read?

Recommended answer

You can't. That's not how HTTP works. First, a "redirect" is just a 301, 302, or (since HTTP 1.1) 307 status code with the Location header set to the URL the client should go to. It's the client that initiates the request to that URL, so you have no control over what headers they send.

Second, HTTP is stateless, so the fact that an Authorization header was sent in some response at some point has zero bearing on anything that happens in any future requests. Web browsers and other HTTP clients skirt around the stateless nature of HTTP by using sessions on the server-side and cookies on the client side. The client sends the cookie to the server with the request. The cookie matches an item in the session store on the server, and the server loads up the data from that session to give the appearance as though state was maintained.

Third, cookies don't work in this situation, because they are domain bound and are not sent along with requests to domains they did not originate from. So, even if you were to create a session to maintain the authorization, the other site would never see it.

FWIW, the basic premise here, sharing authentication state with a different domain, is exactly what technologies like OAuth were developed for. So direct future research in that direction.
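The redirect exchange the answer describes, reproduced locally as an added example (not part of the original question or answer). Two throwaway servers on 127.0.0.1 stand in for the redirecting controller and the external site; the handler names, paths and token value are constructed for illustration.

```python
import http.client
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

received = []  # request headers the target site actually saw
class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args):  # silence per-request logging
        pass

class Target(Quiet):  # stands in for the external site (hypothetical)
    def do_GET(self):
        received.append({k.lower(): v for k, v in self.headers.items()})
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")

class Origin(Quiet):  # stands in for the redirecting controller (hypothetical)
    target_url = ""
    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", self.target_url)
        # Set on the response: the client can read it but never replays it.
        self.send_header("Authorization", "Bearer constructed-token")
        self.end_headers()

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def run_demo():
    target, origin = serve(Target), serve(Origin)
    Origin.target_url = f"http://127.0.0.1:{target.server_port}/landing"
    # Hop 1 by hand, without following: the 302 does carry the header.
    conn = http.client.HTTPConnection("127.0.0.1", origin.server_port)
    conn.request("GET", "/go")
    hop1 = conn.getresponse()
    status, on_302 = hop1.status, hop1.getheader("Authorization")
    conn.close()
    # A client following the redirect builds a brand-new request to Location.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(f"http://127.0.0.1:{origin.server_port}/go") as resp:
        final_url = resp.geturl()
    origin.shutdown(); target.shutdown()
    return status, on_302, final_url, received[-1]

if __name__ == "__main__":
    print(run_demo())
```

The header is present on the 302 itself, but the request that reaches the target contains only what the client chose to send.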
