Azure移动应用程序自定义身份验证 [英] Azure Mobile Apps custom authentication

问题描述

我正在尝试使用MobileServiceClient的LoginAsync(string provider, JObject token)重载来实现自定义身份验证.我有一个像这样的自定义身份验证控制器

I'm trying to implement custom auth using the LoginAsync(string provider, JObject token) overload of MobileServiceClient. I'have a custom auth controller like this

[MobileAppController]
public class CustomAuthController : ApiController
{
   public async Task<IHttpActionResult> Post([FromBody] JObject assertion)
  {
    ...
  }
}

在后端启动中，我设置了路由

and inside backend startup I set the route

config.Routes.MapHttpRoute("CustomAuth", ".auth/login/CustomAuth",new { controller = "CustomAuth" });

在客户端，呼叫是:

var credentials = new JObject
{
    ["email"] = username,
    ["password"] = password
};            
MobileServiceUser user;
try
{
    user = await MobileService.LoginAsync("CustomAuth", credentials);
}
catch (Exception ex)
{
    Debug.WriteLine(ex.Message);
    throw;
}

我认为这都是正确的，但是我无法使用LoginAsync方法调用控制器(在调试中，我在控制器的第一条指令上设置了一个断点). 而且我什至看不到异常，因为它从未实现过catch阻止. 但是我可以使用Postman例如将请求发送到CustomAuthController，在这种情况下，可以达到调试断点... 我不明白为什么！ 我正在尝试调试LoginAsync(使用MobileServiceTokenAuthentication)反编译的代码，但未成功...请帮助！ 在后端，我的自定义身份验证是使用auth0委托api进行的.

I think all it's correct but I cannot call the controller with LoginAsync method (in debug I set a breakpoint on first instruction of controller). And I connot even see the exception because the catch block it's never reached. But I can send request to CustomAuthController using Postman for example and in this case the debug breakpoint is reached... I don't understand why!! I'm trying to debug LoginAsync (that uses MobileServiceTokenAuthentication) decompiled code without success...please help! On backend side my custom authentication is made with auth0 delegation api.

推荐答案

您将需要从控制器代码中删除[MobileAppController]属性.此属性增加了一个要求，即调用必须包含版本标头，并且客户端SDK不会为登录方法发送这些标头.或者，您可以在客户端上使用委派处理程序来注入此标头，但是服务器端更改将涉及较少的代码.在自定义身份验证的上下文中，该属性没有提供我可以想到的任何好处，因此应该安全删除.

You will need to remove the [MobileAppController] attribute from the controller code. This attribute adds a requirement that the call include a version header, and the client SDK does not send these for the login methods. Alternatively you could use a delegating handler on the client to inject this header, but the server-side change will involve less code. In the context of custom auth, the attribute isn't providing any benefit that I can think of, so it should be safe to remove.

这篇关于Azure移动应用程序自定义身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！