DNN Web API服务中的基本身份验证 [英] Basic auth in DNN Web API service

问题描述

我正在为DNN构建一个库类型模块，该模块类型模块将包含一个Web API服务，该服务将由单独的应用程序调用。它具有一个从DnnApiController继承的控制器。我希望该服务中的请求使用基本身份验证，因为其他应用与DNN没有关联，并且其用户不会与门户进行交互。它所能做的就是传递用户名和密码（这将通过SSL进行）。我们正在运行DNN 7.3，将其配置为使用标准表单身份验证。

I'm building a library type module for DNN that will house a Web API service that is meant to be called by a separate application. It has one controller that inherits from DnnApiController. I'd like the requests in this service to use basic auth, since the other app has no association with DNN and its users won't be interacting with the portal. All it can do is pass in a username and password (this will happen over SSL). We are running DNN 7.3 which is configured to use standard Forms authentication.

是否可以仅将此服务配置为使用基本身份验证？如果是这样，我需要什么属性/配置才能使其起作用？

Is it possible to configure just this service to use basic auth? If so, what attributes/configuration would I need to make it work?

推荐答案

我认为您可以使用DNNAuthorize属性来完成此操作。首先，我将一个角色添加到DNN中，例如 ExternalApp。然后创建具有该角色的DNN用户。

I think you can do this with the DNNAuthorize attribute. First, I would add a role into DNN, example "ExternalApp". Then create a DNN user that has that role.

使您的Web服务代码如下：

Make your web service code look like this:

public class MyAPIController : DnnApiController
{
    [HttpGet]
    [DnnAuthorize(StaticRoles="ExternalApp")]
    public string Ping()
    {
        return "MyAPI Version 01.00.00";
    }
}

然后在外部应用程序中（假设它是写的在C＃中），您可以执行以下操作：

Then in your external application (let's assume it is written in C#), you can do something like this:

string scheme = "https://";
string domainAlias = "www.website.com";
string modulePath = "myapimodule";
string controllerName = "myapi";
string apimethod = "ping";

Uri serviceUri = new Uri(string.Format("{0}{1}/DesktopModules/{2}/API/{3}/{4}", scheme, domainAlias, modulePath, controllerName, apimethod));
HttpWebRequest httpReq = (HttpWebRequest)HttpWebRequest.Create(serviceUri);
httpReq.Credentials = new NetworkCredential("externalappUser", "password123");
httpReq.Method = "GET";
httpReq.Accept = "application/text";

httpReq.BeginGetResponse(HttpWebRequestCallBack, httpReq);

这篇关于DNN Web API服务中的基本身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！