允许匿名的ASP.NET Web API控制器，​​而应用程序的其余部分Windows身份验证下运行 [英] Allow anonymous to ASP.NET Web API controller while rest of the application runs under windows authentication

问题描述

我启用了Windows身份验证ASP.NET Web应用程序。我需要在使用某些应用程序的数据访问逻辑，该应用程序编写的ASP.NET Web API控制器。我不想单独创建的Web API一个新的项目，因为我需要公开只是处理几个请求的小终点。

I have an ASP.NET web application that has Windows authentication enabled. I need to write an ASP.NET Web API controller in that application that uses some of the data access logic of the application. I don't want to create a new project for the Web API alone as I need to expose just a small end point that handles a couple of requests.

在Web API的客户会以匿名方式使用服务。要实现这一点，我尝试使用两个控制器以及操作上的使用AllowAnonymous行为过滤器。但是，当我尝试按使用招的API，请求失败，状态401说，401 - 未经授权：访问由于凭据无效被拒绝

The Web API clients would consume the service anonymously. To allow this, I tried using AllowAnonymous action filter on both controller as well as the actions. But, when I try hitting the API using Fiddler, the request fails with status 401 saying "401 - Unauthorized: Access is denied due to invalid credentials".

有没有办法实现这一目标？

Is there a way to achieve this?

推荐答案

我有点迟到了，但要确保匿名身份验证已启用。然后加入：

I'm a bit late to the party, but ensure that Anonymous Authentication is enabled. Then add:

<configuration>
  ...
  <location path="api/...">
    <system.web>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>
  </location>
</configuration>

要你的web.config。

To your web.config.

我假设你有：

<system.web>
  ...
  <authentication mode="Windows" />
  <authorization>
    <deny users="?" />
  </authorization>
</system.web>

这为我工作。

这篇关于允许匿名的ASP.NET Web API控制器，​​而应用程序的其余部分Windows身份验证下运行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！