How can I retrieve Basic Authentication credentials from the header?


Question

I am trying to write some simple tests for a User Authentication mechanism which uses Basic Authentication. How can I retrieve the credentials from the header?

string authorizationHeader = this.HttpContext.Request.Headers["Authorization"];

Where do I go from here? There are several tutorials, but I am new to .NET and authentication; could you explain in your answer, step by step, exactly what you are doing and why?

Recommended answer

From my blog:

This will explain in detail how this all works:

Whenever you use Basic Authentication, a header is added to the HTTP request, and it will look similar to this:


Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Source: http://en.wikipedia.org/wiki/Basic_access_authentication

"QWxhZGRpbjpvcGVuIHNlc2FtZQ==" is just "username:password" encoded in Base64 (http://en.wikipedia.org/wiki/Base64). In order to access headers and other HTTP properties in .NET (C#) you need to have access to the current Http Context:

HttpContext httpContext = HttpContext.Current;

You can find this in the System.Web namespace.

The Authorization header isn't the only one in the HttpContext. In order to access the header, we need to get it from the request.

// httpContext is the local variable declared above, so no "this." qualifier
string authHeader = httpContext.Request.Headers["Authorization"];


If you debug your code you will see that the content of that header looks similar to this:


Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Step 3 - Checking the header

You've already extracted the header; now there are several things you need to do:

  1. Check that the header isn't null
  2. Check that the Authorization/Authentication mechanism is indeed "Basic"

Like so:

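// Match "Basic " with its trailing space, case-insensitively, so that a bare
// "Basic" cannot make the later Substring("Basic ".Length) call throw
if (authHeader != null && authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) {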
    //Extract credentials
} else {
    //Handle what happens if that isn't the case
    throw new Exception("The authorization header is either empty or isn't Basic.");
}

Now you have checked that you have something to extract data from.

You can now attempt to get the values for username and password. Firstly, you need to get rid of the "Basic " substring. You can do it like so:

string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();


See the following links for further details:

  1. http://msdn.microsoft.com/en-us/library/system.string.substring(v=vs.110).aspx
  2. http://msdn.microsoft.com/en-us/library/t97s7bs3(v=vs.110).aspx


Decoding Base64

Now we need to decode back from Base64 to string:

// The encoding should be ISO-8859-1, or you could use an ASCII or UTF-8 decoder
Encoding encoding = Encoding.GetEncoding("iso-8859-1");
string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));


Now username and password will be in this format:

username:password


Splitting Username:Password

In order to get username and password we can simply get the index of the ":"

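// IndexOf returns the first ':', so a password containing ':' stays intact;
// it returns -1 when there is no ':' and Substring would then throw
int seperatorIndex = usernamePassword.IndexOf(':');

string username = usernamePassword.Substring(0, seperatorIndex);
string password = usernamePassword.Substring(seperatorIndex + 1);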


Now you can use these data for testing. Good luck!


PS: the final code may look like this:

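using System;
using System.Text;
using System.Web;

HttpContext httpContext = HttpContext.Current;

// Read the raw Authorization header from the current request
string authHeader = httpContext.Request.Headers["Authorization"];

// Require "Basic " (with the trailing space), compared case-insensitively
if (authHeader != null && authHeader.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) {
    string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
    Encoding encoding = Encoding.GetEncoding("iso-8859-1");
    // Convert.FromBase64String throws FormatException on malformed input
    string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));

    // Split on the first ':' only; the password may itself contain ':'
    int seperatorIndex = usernamePassword.IndexOf(':');
    if (seperatorIndex < 0) {
        throw new Exception("The decoded credentials do not contain a ':' separator.");
    }

    var username = usernamePassword.Substring(0, seperatorIndex);
    var password = usernamePassword.Substring(seperatorIndex + 1);
} else {
    //Handle what happens if that isn't the case
    throw new Exception("The authorization header is either empty or isn't Basic.");
}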
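The steps above, gathered into one non-throwing helper and run over well-formed and malformed headers. This is an added example, not part of the original answer; the class name `BasicAuthHeader`, the method `TryParse` and every sample header except the first are constructed for illustration.

```csharp
using System;
using System.Text;

public static class BasicAuthHeader
{
    // Returns false instead of throwing for any missing or malformed header.
    public static bool TryParse(string header, out string username, out string password)
    {
        username = null;
        password = null;
        const string scheme = "Basic ";

        // Scheme names are case-insensitive; require the trailing space so
        // "Basic" alone or "BasicX ..." is rejected before Substring runs.
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;

        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(scheme.Length).Trim()); }
        catch (FormatException) { return false; }   // not valid Base64
        string decoded = Encoding.GetEncoding("iso-8859-1").GetString(raw);
        // Split on the first ':' only: the password may contain ':' itself.
        int sep = decoded.IndexOf(':');
        if (sep < 0) return false;
        username = decoded.Substring(0, sep);
        password = decoded.Substring(sep + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample headers (not taken from real traffic).
        string[] samples = {
            "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",   // the header from the page
            "basic dXNlcjpwYTpzcw==",               // lower-case scheme, "user:pa:ss"
            "Basic",                                // scheme with no credentials
            "Bearer abc.def.ghi",                   // different scheme
            "Basic !!!not-base64!!!",               // malformed Base64
            "Basic bm9jb2xvbg==",                   // decodes to "nocolon"
            null
        };
        foreach (string h in samples)
        {
            bool ok = TryParse(h, out string u, out string p);
            // Print only the username: decoded passwords should never reach logs.
            Console.WriteLine($"{h ?? "(null)"} -> {(ok ? "user=" + u : "rejected")}");
        }
    }
}
```

A caller can map a `false` result to a 401 response rather than letting a parsing exception surface as a server error.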
