网页API 2基本认证通用校长没有设置 [英] Web Api 2 Basic Auth Generic Principal Not Set
问题描述
我有以下的code设置通用负责人。
I have the following code to set a Generic Principal.
public class AuthenticationHandler: DelegatingHandler
{
protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
var accessToken = request.Headers.Authorization;
if (accessToken == null)
return base.SendAsync(request, cancellationToken);
// Catch an error with regards to the accessToken being invalid
try
{
var formsAuthenticationTicket = FormsAuthentication.Decrypt(accessToken.Parameter);
if (formsAuthenticationTicket == null)
return base.SendAsync(request, cancellationToken);
var data = formsAuthenticationTicket.UserData;
var userData = JsonConvert.DeserializeObject<LoginRoleViewModel>(data);
var identity = new GenericIdentity(userData.Id.ToString(), "Basic");
var userRole = userData.Roles.ToArray();
var principal = new GenericPrincipal(identity, userRole);
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
}
catch (Exception ex)
{
var responseMessage = request.CreateResponse(HttpStatusCode.BadRequest, new { ex.Message }); // return ex for full stacktrace
return Task<HttpResponseMessage>.Factory.StartNew(() => responseMessage);
}
return base.SendAsync(request, cancellationToken);
}
}
下面是控制器的示例
Below is an example of a controller
[Authorize(Roles = "Administrator, Customers")]
[HttpGet("customers/{id}")]
public CustomerViewModel GetCustomer(string id)
{
var param = AuthService.CheckPermission(Request, User, id);
var customer = Db.Customers.Find(param);
return Mapper.Map<CustomerViewModel>(customer);
}
而这正是我检查,如果用户角色
And this is where I check if the user roles
public int CheckPermission(HttpRequestMessage request, IPrincipal user, string param)
{
if (user.IsInRole("Customers") || user.IsInRole("Dealerships"))
{
if (param == null || param != "me")
throw new HttpResponseException(request.CreateErrorResponse(HttpStatusCode.Forbidden, "unauthorized request"));
param = user.Identity.Name;
}
return Convert.ToInt32(param);
}
这是完美的工作升级到网页API 2和MVC前5?现在,用户没有任何角色或身份,有什么改变了这一切,我不知道的?
This was working perfectly before upgrading to Web Api 2 and MVC 5? Now the User has no roles or identity, has something changed that I am unaware of?
推荐答案
不知道为什么它不工作了,但是在网页API 2,有一类新的 的Htt prequestContext
与 主要
属性,那是你应该设置更新< STRONG> 主要
。您可以从请求访问上下文对象。
Not sure why it doesn't work anymore, but in Web API 2, there is a new class HttpRequestContext
with a Principal
property, and that is what you should be setting to update the Principal
. You can access the context object from the request.
这篇关于网页API 2基本认证通用校长没有设置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!