添加与OWIN多WWW身份验证头 [英] Add Multiple WWW-Authenticate headers with OWIN
问题描述
我希望我们的服务做广告多个身份验证方案:例如既承载和一些定制的方案,说的X自定义。 (我有每个方案的OWIN中间件组件)。我如果拿从 RFC 2616,秒14.47 有不止一种方法来做到这一点:
I want our service to advertise more than one authentication scheme: for example both Bearer and some custom scheme, say X-Custom. (I have an OWIN middleware component for each scheme). I take if from RFC 2616, sec 14.47 there is more than one way to do it:
选项A)多个头
WWW身份验证:承载
WWW身份验证:X-自定义
选项B)逗号分隔的列表
WWW身份验证:承载,X-自定义
Option b) comma-separated list
WWW-Authenticate: Bearer, X-Custom
我的preference将选项),这样客户只需要像做 Response.Headers.Exists(WWW身份验证,preferredScheme),而不是逗号解析头(其中RFC说,他们应该,但......)
My preference would be option a) so a client only has to do something like Response.Headers.Exists("WWW-Authenticate", preferredScheme) instead of comma parsing the header (which the RFC says they should, but...)
不过,武士刀使用字典头。尝试添加第二个标头抛出一个异常的钥匙WWW身份验证'已美元字典p $ psent。
However, Katana uses a dictionary for headers. Trying to add the second header throws an exception with "The key 'WWW-Authenticate' is already present in the dictionary."
是否有一个中间件组件注入超过一个WWW-Authenticate头的方式?
Is there a way for a middleware component to inject more than one WWW-Authenticate header?
推荐答案
是的IDictionary<字符串,字符串[]> 。 Key是一个字符串,但值是字符串数组。所以,你只需要设置标题是这样的。
It is IDictionary<string, string[]>. Key is a string but value is an array of string. So, you just need to set the header like this.
app.Run(async (IOwinContext context) =>
{
context.Response.Headers.Add("WWW-Authenticate",
new[] { "Bearer", "X-Custom" });
// Some other code
});
更新
我相信你很亲切接受我的答案,因为答案:)。谢谢,但不知道它回答你的问题,因此编辑。首先,我没有得到你试图让的地步,这是添加不同中间件不同的页眉,但希望看到他们在应对不同的线路。我不认为这是无论如何要像WWW验证标准HTTP标头做到这一点。其实在这之前我回答你的问题,我很快就写了一个小程序来验证,但我所犯的错误是拼错这个头。
正因为如此,我其实得到标头值这个样子。
UPDATE I believe you are very kind to accept my answer as answer :). Thanks but not sure it answered your question and hence the edit. First of all, I did not get the point you tried to make, which is to add the different headers from different middleware and yet wanting to see them in different lines in the response. I do not think there is anyway to do this for standard HTTP headers like WWW-Authenticate. In fact, before I answered your question, I quickly wrote a small program to verify but the mistake I made was to misspell this header. Because of that, I was actually getting the header values like this.
WWW-Authentciate: X-Custom
WWW-Authentciate: Bearer
不管怎么说,在两行获取标头值以下工作。
Anyways, the following works in getting the header values in two lines.
app.Use(async (IOwinContext context, Func<Task> next) =>
{
context.Response.Headers.Set("WWW-Authenticate", "Bearer");
await next.Invoke();
});
app.Run(async (IOwinContext context) =>
{
var x = context.Response.Headers.Get("WWW-Authenticate");
context.Response.Headers.Remove("WWW-Authenticate");
context.Response.Headers.Add("WWW-Authenticate", new[] { "X-Custom", x });
});
然而,这并不对标准头工作。然而,这是一个有趣的练习,但在一天结束的时候,有在这里API方面没有公认的标准(据我所知)。即使以某种方式得到这个工作,你想要的方式,你改变底层OWIN组件的那一刻,说服务器或主机,你可能会得到不同的行为。毕竟,选项A和选项B是完全一样的,你不应该看任何区别,如果你在某些库顶工作读取头,除非你做一些低层次的东西。
However, this does not work for standard headers. Nonetheless, this is an interesting exercise but at the end of the day, there is no accepted standard in terms of the API here (as far as I know). Even if you somehow get this working the way you want, the moment you change an underlying OWIN component, say the server or host, you could get different behavior. After all, option a and option b are exactly the same and you should not see any difference if you are working on top of some library to read the headers, unless you do some low-level stuff.
这篇关于添加与OWIN多WWW身份验证头的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
