允许匿名的ASP.NET Web API控制器,而应用程序的其余部分Windows身份验证下运行 [英] Allow anonymous to ASP.NET Web API controller while rest of the application runs under windows authentication
问题描述
我启用了Windows身份验证ASP.NET Web应用程序。我需要在使用某些应用程序的数据访问逻辑,该应用程序编写的ASP.NET Web API控制器。我不想单独创建的Web API一个新的项目,因为我需要公开只是处理几个请求的小终点。
I have an ASP.NET web application that has Windows authentication enabled. I need to write an ASP.NET Web API controller in that application that uses some of the data access logic of the application. I don't want to create a new project for the Web API alone as I need to expose just a small end point that handles a couple of requests.
在Web API的客户会以匿名方式使用服务。要实现这一点,我尝试使用两个控制器以及操作上的使用AllowAnonymous行为过滤器。但是,当我尝试按使用招的API,请求失败,状态401说,401 - 未经授权:访问由于凭据无效被拒绝
The Web API clients would consume the service anonymously. To allow this, I tried using AllowAnonymous action filter on both controller as well as the actions. But, when I try hitting the API using Fiddler, the request fails with status 401 saying "401 - Unauthorized: Access is denied due to invalid credentials".
有没有办法实现这一目标?
Is there a way to achieve this?
推荐答案
我有点迟到了,但要确保匿名身份验证已启用。然后加入:
I'm a bit late to the party, but ensure that Anonymous Authentication is enabled. Then add:
<configuration>
...
<location path="api/...">
<system.web>
<authorization>
<allow users="?"/>
</authorization>
</system.web>
</location>
</configuration>
要你的web.config。
To your web.config.
我假设你有:
<system.web>
...
<authentication mode="Windows" />
<authorization>
<deny users="?" />
</authorization>
</system.web>
这为我工作。
这篇关于允许匿名的ASP.NET Web API控制器,而应用程序的其余部分Windows身份验证下运行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!