AngularJS-使用Bearer令牌和Web API 2.0进行身份验证 [英] AngularJS - Authentication with Bearer Token and Web API 2.0
问题描述
我有一个问题,即使将$http.defaults.headers.common.Authorization设置为null,我仍然能够访问Web API 2.0应用程序的[Authorize]部分.
I have the problem that even though I set the $http.defaults.headers.common.Authorization to null I am still capable of accessing the [Authorize] part of my Web API 2.0 application.
当我从头启动应用程序并尝试通过初始GET请求检索数据时,不会出现此问题.这是当我从$http回调函数收到错误时.
This problem doesn't arise when I start the application from scratch and try to retrieve the data via an initial GET request. This is when I get an error from the $http callback function.
有人猜测为什么会这样吗?我非常有信心,承载令牌存储在浏览器中的某个位置,并且不会被正确删除...
Any guesses why this is happening? I am quite confident that the bearer token is stored somewhere in the browser and doesn't get deleted properly ...
Chrome(带有不记名令牌):
Chrome (With bearer token):
Chrome(无承载令牌):
Chrome (Without bearer token):
Internet Explorer(无承载令牌属性):
Internet Explorer (no bearer Token attribute):
首先,IE中的身份验证属性完全丢失.其次,在Chrome中,所有功能都可以完美运行.在IE中,我无法删除注销请求的令牌.带有区域[Authorize]部分摘要的登录部分效果很好.
First of all, the authentication property in IE is completely missing. Second, in Chrome everything works perfectly. In IE I have the issue that I can't erase the token for the logout request. The login part with the summary of the regions [Authorize] part works perfectly.
推荐答案
尝试检查已设置的请求(如果存在任何Authentification标头).还要尝试验证您使用的是System.Web.Http而不是System.Web.Mvc
Try to check the request that have been set, if any Authentification header is there. Also try to verify that you are using the [Authorize] attribute from System.Web.Http and not System.Web.Mvc
这篇关于AngularJS-使用Bearer令牌和Web API 2.0进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
