Claims Auth with OWIN Self Hosted WebApi


Question

I am self hosting WebApi with the following configuration:

Visual Studio 2012 / .NET 4.0

public void Configuration(IAppBuilder appBuilder)
{
    var config = new HttpConfiguration();

    // authentication
    config.MessageHandlers.Add(new Shield.PresharedKeyAuthorizer());

    // routing
    config.Routes.MapHttpRoute(
        name: "Default",
        routeTemplate: "{controller}/{id}",
        defaults: new { id = RouteParameter.Optional }
    );

    appBuilder.UseWebApi(config);
}

I have a simple test setup with the following DelegatingHandler to create a claim and attach it to the current thread.

public class PresharedKeyAuthorizer : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
    {
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, "superstar"));

        var identity = new ClaimsIdentity(claims, "PresharedKey");
        var principal = new ClaimsPrincipal(identity);

        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
            HttpContext.Current.User = principal;

        return base.SendAsync(request, cancellationToken);
    }
}

However, when I hit the ApiController that is marked with the Authorize attribute, it doesn't recognize the authentication.

[Authorize]
public class FilesController : ApiController
{
    public IEnumerable<string> Get()
    {
        return new string[] { "Secure File A", "Secure File B" };
    }
}

Removing the Authorize attribute and setting a breakpoint, I can see that the RequestContext.Principal property is indeed null. The request works fine without the Authorize attribute, so I know the setup of the self hosting is correct, but I must be missing something in the authentication pipeline.

What am I missing to allow that claim to work against the Authorize attribute?

This related answer with the same approach appears to work when hosted by IIS: http://stackoverflow.com/a/14872968/118224

Recommended answer

In the message handler, set the principal like this.

request.GetRequestContext().Principal = principal;

Do not use

Thread.CurrentPrincipal = principal;

if (HttpContext.Current != null)
    HttpContext.Current.User = principal;

UPDATE

It has been a while since I worked on .NET 4.0/2012/Web API <2. So, I cannot answer for sure. But with OWIN hosting, the principal must be set in the OWIN context. OwinHttpRequestContext sets both Thread.CurrentPrincipal and the principal in the OWIN context. By using request.GetRequestContext().Principal, these details are hidden from you. To make a long story short, I believe if you somehow set the principal in the OWIN context, this will work. Not sure how you can do that from a Web API message handler. You can do that from OWIN middleware.

public void Configuration(IAppBuilder app)
{
    var config = new HttpConfiguration();
    config.Routes.MapHttpRoute("default", "api/{controller}/{id}");

    //config.MessageHandlers.Add(new PresharedKeyAuthorizer());

    app.Use((IOwinContext context, Func<Task> next) =>
    {
        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, "superstar"));

        var identity = new ClaimsIdentity(claims, "PresharedKey");
        var principal = new ClaimsPrincipal(identity);

        context.Request.User = principal;
        return next.Invoke();
    });

    app.UseWebApi(config);
}
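
The test code in the question and in the answer attaches the "superstar" principal to every request, so [Authorize] passes for any caller. The following is an added example, not code from the question or the answer, of the same OWIN middleware approach assigning the principal only when the request carries the expected pre-shared key. The class name PresharedKeyMiddleware, the header name X-Preshared-Key and the way the key reaches the constructor are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin;

// Added example (hypothetical class): sets the OWIN principal only for callers
// that present the expected pre-shared key.
public class PresharedKeyMiddleware : OwinMiddleware
{
    private const string HeaderName = "X-Preshared-Key"; // assumed header name
    private readonly byte[] _expectedHash;

    public PresharedKeyMiddleware(OwinMiddleware next, string expectedKey) : base(next)
    {
        _expectedHash = Hash(expectedKey);
    }

    public override Task Invoke(IOwinContext context)
    {
        string presented = context.Request.Headers.Get(HeaderName);
        if (presented != null && FixedTimeEquals(Hash(presented), _expectedHash))
        {
            var claims = new List<Claim> { new Claim(ClaimTypes.Name, "superstar") };
            // Supplying an authentication type makes Identity.IsAuthenticated true.
            var identity = new ClaimsIdentity(claims, "PresharedKey");
            context.Request.User = new ClaimsPrincipal(identity);
        }
        // Missing or wrong key: this middleware leaves User untouched, so
        // [Authorize] rejects the request with 401.
        return Next.Invoke(context);
    }

    // Hashing both sides gives equal-length inputs for the comparison below.
    private static byte[] Hash(string value)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(value));
    }

    // Compare every byte instead of returning at the first mismatch.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Register it ahead of Web API in Configuration, for example app.Use<PresharedKeyMiddleware>(key) followed by app.UseWebApi(config), with key loaded from protected configuration rather than hard-coded.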
