的ASP.NET Web API自主机使用Windows身份验证 [英] ASP.NET Web API Self-Host with Windows Authentication

问题描述

我想使用的ASP.NET Web API自托管选项与Windows身份验证，以便我能确定登录的用户，并最终接受或拒绝根据其身份的用户。下面是我的控制台应用程序code：

I am trying to use the ASP.NET Web API Self-Host option with Windows authentication so I can determine the logged on user and ultimately accept or reject the user based on their identity. Here is my console application code:

using System;
using System.Web.Http;
using System.Web.Http.SelfHost;

namespace SelfHost
{
    class Program
    {
        static void Main(string[] args)
        {
            var config = new HttpSelfHostConfiguration("http://myComputerName:8080");
            config.UseWindowsAuthentication = true;

            config.Routes.MapHttpRoute(
                "API Default", "api/{controller}/{id}",
                new { id = RouteParameter.Optional });

            using (HttpSelfHostServer server = new HttpSelfHostServer(config))
            {
                server.OpenAsync().Wait();

                Console.WriteLine("Press Enter to quit.");
                Console.ReadLine();
            }
        }
    }
}

下面是控制器：

[Authorize]
public class HelloController : ApiController
{
    public string Get()
    {
        // This next line throws an null reference exception if the Authorize
        // attribute is commented out.
        string userName = Request.GetUserPrincipal().Identity.Name;
        return "Hello " + userName;
    }
}

编辑 - 我加了授权属性，调试器显示的Get操作方法里面的code是永远不会被调用。下面的HTML返回：

Edit - I added the Authorize attribute, and the debugger shows that the code inside the Get action method is never invoked. The following HTML is returned:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=windows-1252" http-equiv=Content-Type></HEAD>
<BODY></BODY></HTML>

如果在授权属性被注释掉， Request.GetUserPrincipal（）。Identity.Name 抛出一个空引用异常，因为 Request.GetUserPrincipal（） 产生空。

If the Authorize attribute is commented out, Request.GetUserPrincipal().Identity.Name throws a null reference exception since Request.GetUserPrincipal() yields null.

推荐答案

我已经打了这个问题，以及和我已经想出了唯一的解决办法是提供专门的HttpSelfHostedConfiguration：

I've hit this issue as well and the only solution I've came up with is to deliver dedicated HttpSelfHostedConfiguration:

public class NtlmSelfHostConfiguration : HttpSelfHostConfiguration
{
    public NtlmSelfHostConfiguration(string baseAddress)
        : base(baseAddress)
    { }

    public NtlmSelfHostConfiguration(Uri baseAddress)
        : base(baseAddress)
    { }

    protected override BindingParameterCollection OnConfigureBinding(HttpBinding httpBinding)
    {
        httpBinding.Security.Mode = HttpBindingSecurityMode.TransportCredentialOnly;
        httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
        return base.OnConfigureBinding(httpBinding);
    }
}

要使用它，你只需要改变一行（你不需要设置UseWindowsAuthentication了）：

To use it you just need to change one line (you don't need to set UseWindowsAuthentication anymore):

var config = new NtlmSelfHostConfiguration("http://myComputerName:8080");

这种方法唯一的问题是现在需要对服务器的每个请求是使用此配置的身份验证。

The only issue with this approach is that authentication is now required for every request made to server which is using this configuration.

这篇关于的ASP.NET Web API自主机使用Windows身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！