对单个操作而非整个应用程序使用Windows身份验证进行身份验证 [英] Authenticate using Windows Authentication on single action and not whole application

问题描述

我想使用Windows集成身份验证而不是全局应用程序对单个控制器操作进行身份验证.我已经在网上和StackOverflow上阅读了许多文章，但没有找到答案. 注意，我正在使用Web API 2.0而不是MVC进行开发.

I would like to authenticate using Windows Integrated Authentication on a single controller action instead of the global application. I have read many articles online and StackOverflow, but have not found an answer. Note, I'm developing in Web API 2.0 and not MVC.

也就是说，通常要在整个应用程序上启用Windows身份验证，您需要执行类似

That said, typically to enable Windows Authentication on your whole application, you'd do something like Web API documentation describes:

<system.web>
    <authentication mode="Windows" />
</system.web>

在幕后，我不确定这到底能做什么，但是我怀疑我可以通过实现由Web API文档进行了描述.但是，我还没有找到结论性的文章来说明如何针对Windows集成身份验证执行此操作.

Under the covers, I'm not sure what this does exactly, but I have a suspicion I may be able to replicate it on a single controller action by implementing IAuthenticationFilter as described by Web API documentation. However, I have not found a conclusive article explaining how do to this for Windows Integrated Authentication.

我的目标示例:

一天结束时，我希望我的单个Web API可以接受来自配置为在以下两种客户端方案中使用Windows身份验证的客户端的请求:

At the end of the day, I would like my single web API to accept a request from a client configured to use windows authentication in either of the following client scenarios:

C#

var handler = new HttpClientHandler()
{
    UseDefaultCredentials = true
};

var client = new HttpClient(handler);

浏览器

$.ajax({
    url: 'api/testauthentication',
    type: 'GET',
    dataType: 'json',
    xhrFields: {
        withCredentials: true
    }
})

编辑#1

引起我注意的是，值得注意的是，我想以编程方式而不是通过诸如web.config，IIS设置等配置文件来完成上述操作.此外，我正在使用

It has come to my attention it's worth noting I would like to accomplish the above programmatically and not through configuration files such as web.config, IIS settings, etc. Also, I'm using OWIN to host the application on my servers.

推荐答案

答案基于此基本上，您可以定义一个自定义委托方法，该方法指定使用Integrated Windows Authentication进行身份验证的请求.

Essentially, you can define a custom delegate method which specifies which requests to authenticate using Integrated Windows Authentication.

builder指的是OWIN自托管的启动"代码中使用的IAppBuilder实例.请参见 OWIN自托管文章，以获取有关此相关主题的更多详细信息.

builder in the following code refers to the IAppBuilder instance used in "Startup" code of OWIN self-hosting. See OWIN self-host article for more details on this related topic.

OwinHttpListener httpListener = (OwinHttpListener)builder.Properties[typeof(OwinHttpListener).FullName];
httpListener.Listener.AuthenticationSchemeSelectorDelegate = new AuthenticationSchemeSelector(DetermineAuthenticationScheme);

然后定义类似于以下内容的DetermineAuthenticationScheme委托方法:

Then define DetermineAuthenticationScheme delegate method similar to the following:

AuthenticationSchemes DetermineAuthenticationScheme( HttpListenerRequest request )
{
    if ( request == null )
    {
        throw new ArgumentNullException( "request" );
    }

    if ( request.RawUrl.IndexOf( "v1/foo", StringComparison.OrdinalIgnoreCase ) >= 0 )
    {
        return AuthenticationSchemes.IntegratedWindowsAuthentication;
    }

    return AuthenticationSchemes.Anonymous;
}

这篇关于对单个操作而非整个应用程序使用Windows身份验证进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！