AngularJS 和 Web API 表单认证 [英] AngularJS and Web API form authentication

问题描述

我是 AngularJS 的新手，我开始创建一个示例应用程序，这个应用程序有 2 个视图:

I'm new to AngularJS and I'm starting to create a sample application, this application has 2 views:

• 登录查看
• 欢迎查看

我的 AngularJS 虚拟应用程序一切正常，但现在我开始在服务器端实现登录功能:

Everything is working fine with my AngularJS dummy application but now I start implementing the Login functionality on server side:

[HttpPost]
        public JsonResult Login(string credentials)
        {
            bool returnVal = false;

            if (!string.IsNullOrEmpty(credentials))
            {
                FormsAuthentication.SetAuthCookie("DUMMY USER", true);
            }

            return Json(new
            {
                success = returnVal
            },
            JsonRequestBehavior.AllowGet);
        }

在欢迎控制器上我有:

 [Authorize]
        public JsonResult GetPersons()
        {
            return Json(new
            {
                success = false
            },
             JsonRequestBehavior.AllowGet);
        }

然后为了实现表单身份验证，我必须在 Web.Config 中设置:

Then in order to implement the Forms Authentication I have to set in the Web.Config:

<authentication mode="Forms">
      <forms loginUrl="/login" name=".ASPXFORMSAUTH" protection="All" timeout="1" slidingExpiration="true" />-->
    </authentication>

问题是这样做时会重定向 URL，所以我收到以下错误:

The problem is that when doing that it will redirects the URL, so I get the following error:

GET http://localhost:21871/login?ReturnUrl=%2fperson%2fGetPersons 404 (Not Found) 

而且因为 AngularJS 无法理解那条路线，所以我无法继续前进.

And because AngularJS can't understand that route then I can't keep going.

关于如何解决这个问题的任何线索，或者有更好的方法来做到这一点.

Any clue on how to address this or maybe there is a better way to do it.

谢谢

推荐答案

您可以使用任何您喜欢的身份验证/授权机制.但是当您调用 $http.get() 或 $http.post() 时，您希望收到一个 JSON 对象.但是如果您没有通过身份验证，您将被重定向到登录页面，这是一个 HTML 页面.因此，您检查成功的代码将失败.

You can use any authentication/authorization mechanism that you like. But when you are calling $http.get() or $http.post() you expect to receive a JSON object. But if you are not authenticated you will be redirected to login page which is an HTML page. Hence your code which is checking for success will fail.

您需要创建一个新的自定义授权过滤器(如 MyAuthorize)，通过任何可用技术(SimpleMembership、OAuth 等)对您的用户进行身份验证/授权，如果身份验证失败，则不返回 RedirectResult, 返回带有错误标志的 JSON 对象.然后您可以在每个 $http.get() 或 $http.post() 之后检查该标志，并从客户端重定向用户.我们总是开发自己的通信服务，调用 $http.get() 或 $http.post 并始终在那里进行检查.

You need to create a new custom authorize filter (like MyAuthorize) that authenticate/authorizes your user by any available technology (SimpleMembership, OAuth, etc) and if authentication fails then instead of returning a RedirectResult, returns a JSON object with an Error flag. Then you can check that flag after each $http.get() or $http.post(), and redirect the user from client side. We always develop our own communication service that calls $http.get() or $http.post and always make that check over there.

这篇关于AngularJS 和 Web API 表单认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！