在 WebApi.Owin 中 SuppressDefaultHostAuthentication 也抑制了 webapi 之外的身份验证 [英] SuppressDefaultHostAuthentication in WebApi.Owin also suppressing authentication outside webapi
问题描述
我遇到了一个解决方案的问题,我使用 Visual Studio SPA 模板中的部分来在 WebApi 中使用 Oauth 身份验证的帐户控制器.
I am running into a problem with a solution where I used parts from the Visual Studio SPA template for having the Account Controller in WebApi with Oauth Authentication.
app.UseOAuthBearerTokens(OAuthOptions);
然后我在owin webapi注册是在做的
Then I in the owin webapi registration is doing
config.SuppressDefaultHostAuthentication();
但这也抑制了 webapi 环境之外的默认 cookie 身份验证.这是意图吗.如果是这样,我如何设置 WebApi 以抑制 cookie 身份验证,但它仍然在其他请求的环境中处于活动状态?
but this also supresses the default cookie authentication outside the webapi environment. Is this the intention. If so, how can I set up WebApi to supress cookie authentication but its still active accross the environment for other requests?
推荐答案
这似乎是一个很好的做法,尤其是当您在同一 IIS 目录中混合使用 OWIN 托管的应用程序和常规应用程序时,使用应用.地图.
It seems that it is a good practice, especially when you mix an OWIN-hosted app and a regular one on the same IIS dir, to setup WebApi with the app.Map.
public void Configuration(IAppBuilder app)
{
var configuration = WebApiConfiguration.HttpConfiguration;
app.Map("/api", inner =>
{
inner.UseWebApi(configuration);
});
}
我的所有控制器都配置了一个api"前缀路由,我只是将它移到了 map 函数中.现在 webapi 正在隔离运行,它可以与我的应用程序的其余部分一起运行.感谢@PinpointTownes 为我指明了这个方向.
I had all my controllers configured with a "api" prefix route, and I just moved that to the map function instead. Now webapi is running isolated and it works out with the rest of my application. Thanks @PinpointTownes for pointing me in this direction.
这篇关于在 WebApi.Owin 中 SuppressDefaultHostAuthentication 也抑制了 webapi 之外的身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!