Web Api 2 Basic Auth Generic Principal Not Set

Problem description

I have the following code to set a Generic Principal.

public class AuthenticationHandler: DelegatingHandler
{
    protected override System.Threading.Tasks.Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
                                                                                  CancellationToken cancellationToken)
    {
        var accessToken = request.Headers.Authorization;
        if (accessToken == null)
            return base.SendAsync(request, cancellationToken);

        // Catch an error with regards to the accessToken being invalid
        try
        {
            var formsAuthenticationTicket = FormsAuthentication.Decrypt(accessToken.Parameter);

            if (formsAuthenticationTicket == null)
                return base.SendAsync(request, cancellationToken);

            var data = formsAuthenticationTicket.UserData;
            var userData = JsonConvert.DeserializeObject<LoginRoleViewModel>(data);

            var identity = new GenericIdentity(userData.Id.ToString(), "Basic");

            var userRole = userData.Roles.ToArray();
            var principal = new GenericPrincipal(identity, userRole);
            Thread.CurrentPrincipal = principal;
            HttpContext.Current.User = principal;

        }
        catch (Exception ex)
        {
            var responseMessage = request.CreateResponse(HttpStatusCode.BadRequest, new { ex.Message }); // return ex for full stacktrace
            return Task<HttpResponseMessage>.Factory.StartNew(() => responseMessage);
        }

        return base.SendAsync(request, cancellationToken);
    }

}

Below is an example of a controller

[Authorize(Roles = "Administrator, Customers")]
[HttpGet("customers/{id}")]
public CustomerViewModel GetCustomer(string id)
{
    var param = AuthService.CheckPermission(Request, User, id);
    var customer = Db.Customers.Find(param);
    return Mapper.Map<CustomerViewModel>(customer);
}

And this is where I check if the user roles

public int CheckPermission(HttpRequestMessage request, IPrincipal user, string param)
{
    if (user.IsInRole("Customers") || user.IsInRole("Dealerships"))
    {
        if (param == null || param != "me")
            throw new HttpResponseException(request.CreateErrorResponse(HttpStatusCode.Forbidden, "unauthorized request"));
        param = user.Identity.Name;
    }

    return Convert.ToInt32(param);
}

This was working perfectly before upgrading to Web Api 2 and MVC 5. Now the User has no roles or identity; has something changed that I am unaware of?

Recommended answer

Not sure why it doesn't work anymore, but in Web API 2, there is a new class HttpRequestContext with a Principal property, and that is what you should be setting to update the Principal. You can access the context object from the request.
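
The change the answer describes, applied to the question's handler, as an added example that is not code from the original question or answer. The shape of LoginRoleViewModel is an assumption (the page does not show it), and the handler is assumed to run in a hosted Web API 2 pipeline where request.GetRequestContext() returns a context. Unlike the question's code, it rejects missing or expired tickets and answers 401 without echoing exception text.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Security;
using Newtonsoft.Json;

// Assumed shape of the question's LoginRoleViewModel (not shown on the page).
public class LoginRoleViewModel
{
    public int Id { get; set; }
    public List<string> Roles { get; set; }
}

public class AuthenticationHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var header = request.Headers.Authorization;
        if (header == null || string.IsNullOrEmpty(header.Parameter))
            return await base.SendAsync(request, cancellationToken); // stays anonymous

        try
        {
            var ticket = FormsAuthentication.Decrypt(header.Parameter);
            // Check expiry explicitly before trusting the ticket contents.
            if (ticket == null || ticket.Expired)
                return request.CreateResponse(HttpStatusCode.Unauthorized);
            var userData = JsonConvert.DeserializeObject<LoginRoleViewModel>(ticket.UserData);
            if (userData == null)
                return request.CreateResponse(HttpStatusCode.Unauthorized);
            var roles = (userData.Roles ?? new List<string>()).ToArray();
            var principal = new GenericPrincipal(
                new GenericIdentity(userData.Id.ToString(), "Basic"), roles);
            // Web API 2: ApiController.User and [Authorize] read the request context.
            request.GetRequestContext().Principal = principal;
        }
        catch (Exception)
        {
            // Malformed or tampered ticket: reply without exception details.
            return request.CreateResponse(HttpStatusCode.Unauthorized);
        }
        return await base.SendAsync(request, cancellationToken);
    }
}
```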
