使用MVC FormsAuthentication验证在.NET的Web API [英] Authentication in .NET Web API using MVC FormsAuthentication
问题描述
我们必须使用AngularJS框架,需要与在不同的领域中的.NET Web API实现的API单页的应用程序。
We have a single page application using the AngularJS framework that needs to talk to a API implemented in .NET Web API on a different domain.
问题
该API在的.NET Web API实现的。来验证用户访问我们的API,我们实现了MVC的单页应用程序模板的用户。这将使用FormsAuthentication授予acccess的API。
The API is implemented in .NET Web API. To authenticate a user for access to our API we implemented the MVC Single Page Application template. This uses FormsAuthentication to grant acccess to the API.
我们使用提琴手调试。当我们访问的API的控制器,在浏览器中直接要求认证,我们可以确认该用户确实验证。当我们做了XMLHtt prequest,为疑似,没有身份验证cookie是在头文件发送。
We used Fiddler to debug. When we visited a controller on the API that required authentication directly in the browser we could confirm that the user was indeed authenticated. When we did a XMLHttpRequest, as suspected, no authentication cookies were sent in the headers.
我们希望做到的是使用FormsAuthentication希望能通过XMLHtt prequests访问的.NET Web API。
What we would like to accomplish is to use FormsAuthentication to access the .NET Web API hopefully through XMLHttpRequests.
提出的一个解决方案,这是共享的.NET Web API和MVC之间的会话。我们怎么能轻易维持的.NET Web API和项目的MVC部分之间的状态?
One proposed solution to this was to share sessions between the .NET Web API and the MVC. How can we easily maintain state between the .NET Web API and the MVC part of the project?
的这不是很平安,我们知道,但我们需要一个快速的解决这个问题。的
的 PS!该FormsAuthentication适用于使用[授权]属性的.NET Web API控制器。这是只有控制器无法与XMLHtt prequests被accesed。的
提琴手截图在使用XMLHtt prequest
![XmlHtt](\"http://content.screencast.com/users/kennethlynne/folders/Jing/media/bb5931e2-9be8-4cbc-857d-9ed95188eb99/2013-04-09_1437.png\")
截图时,请求在浏览器中直接完成提琴手![直接在浏览器](\"http://content.screencast.com/users/kennethlynne/folders/Jing/media/26446429-0aa9-4230-a701-7d95bd8f3c62/2013-04-09_1438.png\")
Screenshot of fiddler when request is done directly in the browser
验证控制器的屏幕截图测试![验证器](\"http://content.screencast.com/users/kennethlynne/folders/Jing/media/f0da991e-a387-4162-8274-1f0157854670/2013-04-09_1440.png\")
Screenshot of a authentication controller to test
推荐答案
这是一个 CORS 请求。
您可以使用Microsoft.AspNet.WebApi.Cors库。
This is a CORS request. You can use Microsoft.AspNet.WebApi.Cors library.
这只是需要的WebAPI配置添加一行在ASP.NET WEB API使用CORS:
It's just need add ONE line at webapi config to use CORS in ASP.NET WEB API:
config.EnableCors("*","*","*");
这篇关于使用MVC FormsAuthentication验证在.NET的Web API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
