如何在Windows.Web.Http.HttpClient停止凭据缓存? [英] How to stop credential caching on Windows.Web.Http.HttpClient?
问题描述
我有,其中一个应用程序试图使用不同的身份验证方法从同一台服务器访问资源的问题,这两种方法:
I am having an issue where an app tries to access resources from the same server using different authentication methods, the two methods are:
- 凭据(NTLM,基本等)
- 的OAuth(承载)
HttpBaseProtocolFilter 是设置为:
- 禁用缓存
- 关闭自动UI凭证请求弹出
代码
HttpBaseProtocolFilter filter = new HttpBaseProtocolFilter();
filter.CacheControl.WriteBehavior = HttpCacheWriteBehavior.NoCache;
filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.MostRecent;
filter.AllowUI = false;
添加服务器凭据
如果资源需要凭据,然后我用:
Adding Server Credential
If the resource needs credentials then I use:
filter.ServerCredential = new PasswordCredential(
RequestUri.ToString(),
UserName,
Password);
HttpClient httpClient = new HttpClient(filter);
添加的OAuth令牌
如果资源需要我用一个承载令牌:
Adding OAuth Token
If the resource needs a Bearer token I use:
HttpClient httpClient = new HttpClient(filter);
httpClient.DefaultRequestHeaders.Authorization = new HttpCredentialsHeaderValue("Bearer", token);
的的 ServerCredential 为空
filter.ServerCredential = null
充分利用服务器的响应
Getting response from server
using(httpClient)
{
using(HttpRequestMessage requestMessage = new HttpRequestMessage(new HttpMethod(method), RequestUri))
{
using(HttpResponseMessage response = await httpClient.SendRequestAsync(requestMessage))
{
// Do something with response
}
}
}
的东西问题
如果在的HttpClient 要求使用返回一个200(OK) ServerCredential ,然后每隔以下承载的要求也将返回200(OK),即使承载令牌无效和 filter.ServerCredential 为空。
The issue
If the HttpClient request returns a 200 (OK) using ServerCredential, then every following Bearer request also returns 200 (OK) even if the Bearer token is invalid and filter.ServerCredential is null.
这看起来好像 filter.ServerCredential 被缓存,所有后续调用都与缓存凭据进行身份验证。
It looks as if the filter.ServerCredential is cached and all subsequent calls are authenticated with the cached credentials.
我必须重新启动应用程序,如果我想要做一个承载认证。
I have to restart the app if I want to do a Bearer authentication.
如何删除,禁用或清除 ServerCredential 的Windows.Web.Http.HttpClient的?
How can I remove, disable or clear the ServerCredential of the Windows.Web.Http.HttpClient?
事情我已经试过:
var cookieManager = filter.CookieManager;
HttpCookieCollection myCookieJar = cookieManager.GetCookies(RequestUri);
foreach (HttpCookie cookie in myCookieJar)
{
cookieManager.DeleteCookie(cookie);
}
的
myCookieJar 是空的。
Windows.Security.Credentials.PasswordCredentialPropertyStore credentialPropertyStore = new Windows.Security.Credentials.PasswordCredentialPropertyStore();
的
credentialPropertyStore 是空的。
和
PasswordCredentialPropertyStore 方法清除的is保留供内部使用,不应在代码中使用。
任何想法?
推荐答案
此问题现已解决并修复包括在构建// 2016年版本的SDK。有两个环节进行修复:
This issue has now been resolved and the fix is included in the //build 2016 version of the SDK. There are two parts to this fix:
-
在构建Windows 10586起,新的凭据可以在同一应用程序覆盖旧的缓存值。所以,如果你正在使用HttpClient的实例与C1(用户A,paswordA),然后创建了(用户B,passwdB)在同一个应用一个新的客户端实例C2:这应该工作。新凭据覆盖旧的缓存的人(这不是在早期版本的工作)。
In Windows build 10586 onwards, new credentials can overwrite older cached values in the same app. So, if you were using an instance of HttpClient c1 with (userA, paswordA), and then created a new client instance c2 with (userB, passwdB) in the same app: this should work. The new credentials overwrite the old cached ones (this would not work in earlier versions).
然而,#1仍不足以让你清除原缓存的凭据 - 你只能覆盖它们。为了支持缓存的凭据的空地上,我们现在已经加入到HttpBaseProtocolFilter的方法 - HttpBaseProtocolFilter.ClearAuthenticationCache()的它清除所有缓存的凭证信息。当你想清除你的应用程序从过去的HttpClient的实例的凭据和/或客户端证书,你可以调用它。此方法的文档也将很快面市
However, #1 is still not sufficient to let you clear the original cached credentials - you can only overwrite them. To support clearing of cached credentials, we have now added a method to HttpBaseProtocolFilter - HttpBaseProtocolFilter.ClearAuthenticationCache() which clears all cached credential information. You can call this when you want to clear the credentials and/or client certificates from past instances of HttpClient in your app. The documentation for this method will soon be available here
由于
Sidharth
Thanks Sidharth
[Windows网络团队]
[Windows Networking team]
这篇关于如何在Windows.Web.Http.HttpClient停止凭据缓存?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
