.NET的WebAPI认证 [英] .NET WebApi Authentication
问题描述
目前,我有销售小部件的MVC Web应用程序。然后,用户登录到我们的系统中使用窗体身份验证,并能做到根据他们属于(即下订单,查看订单,取消订单等)组各种功能。
我们一直在负责编写的API,这将使第三方创建在我们的系统的能力和查看订单。各第三方将具有它自己的用户名和将被限制在基于属于该组的某些API方法
我们正在考虑使用Web API作为一种机制来提供API。我们也希望能够从我们的MVC的Web应用程序消耗这个API。不幸的是,我们正在运行与验证的网页API的问题。使用DelegatingHandler,我们已经通过SSL对我们的WebAPI实现基本身份验证。这为我们的第三方的伟大工程。然而,试图使用来自我们的MVC应用程序,我们正在进入401的API时否认错误,因为用户是在MVC应用程序中使用窗体身份验证验证,但我们没有传递到Web阿比这些凭据的方式。有没有一种方法来传递形式从我们的MVC应用程序验证凭据我们的Web API的应用程序?
IIS安装
网页命名WidgetStore有两个Web应用程序
- WidgetStore \\ UI -uses窗体身份验证
- WidgetStore \\ API - 使用基本身份验证
有没有办法来传递形式从我们的MVC应用程序验证凭据我们的Web API的应用程序?
当然,让我们举个例子以下MVC控制器动作调用的Web API:
[授权]
公众的ActionResult CallWebApi()
{
VAR baseAddress =新的URI(https://example.com);
VAR的CookieContainer =新的CookieContainer();
使用(VAR处理器=新HttpClientHandler(){=的CookieContainer}的CookieContainer)
使用(VAR的客户=新的HttpClient(处理){BaseAddress = baseAddress})
{
VAR authCookie = Request.Cookies时[FormsAuthentication.FormsCookieName] .value的;
cookieContainer.Add(baseAddress,新的Cookie(FormsAuthentication.FormsCookieName,authCookie));
VAR的结果= client.GetAsync(/ API /值)结果。
result.EnsureSuccessStatus code(); //现在你可以阅读result.Content ...
}
}这假定您已经也使窗体身份验证在Web API项目的web.config文件和cookie名称是一样的在你的MVC项目中使用的。
Currently, I have an MVC web application that sells widgets. A user logs into our system using forms authentication, and can then do various functions based on the group they belong to(ie Place an order, View an Order, Cancel an Order, etc).
We've been tasked with writing an Api that will give third parties the ability to create and view orders in our system. Each third party will have it's own username and will be limited to certain api methods based upon the group they belong to.
We are looking at using Web Api as a mechanism to provide the api. We would also like to be able to consume this api from our MVC web application. Unfortunately, we are running into issues with Authentication for the Web Api. Using a DelegatingHandler, we have implemented Basic Authentication over SSL for our WebApi. This works great for our third parties. However, when trying to consume the Api from our MVC application we are getting 401 access denied errors because the user was authenticated in the MVC app using Forms authentication, but we have no way of passing those credentials on to the Web Api. Is there a way to pass the Forms Auth credentials from our MVC app to our Web api app?
IIS Setup WebSite named WidgetStore with two web applications
- WidgetStore\UI -uses forms authentication
- WidgetStore\Api - uses basic authentication
解决方案Is there a way to pass the Forms Auth credentials from our MVC app to our Web api app?
Sure, let's take for example the following MVC controller action calling the Web API:
[Authorize] public ActionResult CallWebApi() { var baseAddress = new Uri("https://example.com"); var cookieContainer = new CookieContainer(); using (var handler = new HttpClientHandler() { CookieContainer = cookieContainer }) using (var client = new HttpClient(handler) { BaseAddress = baseAddress }) { var authCookie = Request.Cookies[FormsAuthentication.FormsCookieName].Value; cookieContainer.Add(baseAddress, new Cookie(FormsAuthentication.FormsCookieName, authCookie)); var result = client.GetAsync("/api/values").Result; result.EnsureSuccessStatusCode(); // now you can read the result.Content ... } }This assumes that you have also enabled forms authentication in the web.config of your Web API project and that the cookie name is the same as the one used in your MVC project.
这篇关于.NET的WebAPI认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
