Configuring WebAPI for Forms Authentication

Question

I'm working with webApi and trying to implement forms auth. My application is using simpleMembership. For some reason my controllers are reverting to my windows credentials to check and see if a request is authenticated, when it should just be using simpleMembership against my app's database:

I've disabled windows and anonymous auth in the app and in my applicationhost config file... what else needs to be done?

Recommended answer

In your API Controllers, when you need to enforce authentication (non-public controllers or actions) you need to use the

[Authorize]

... attribute at either the controllers or action level, according to your needs. Please note this is the attribute implemented on System.Web.Http not the one in System.Web.Mvc

The one you use for Api Controllers checks the Thread.CurrentPrincipal.Identity.IsAuthenticated instead of HttpContext.User.Identity.IsAuthenticated as System.Web.Mvc.AuthorizeAttribute does.

You need to populate this Principal on each request, usually by using a DelegatingHandler, which is explained on this link:

http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/

In the link above, the author is using Basic HTTP Authentication, which transmits the credentials in plain text on each request; but you can implement your own authentication strategy in order to populate the Principal, which is all you need.
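
One way to populate the principal from the forms-authentication cookie instead of Basic credentials, as the answer describes. This is an added example, not code from the answer or the linked article; the class name `FormsTicketHandler` is hypothetical, and it assumes the app is hosted in ASP.NET/IIS and the login page issues a standard `FormsAuthentication` ticket cookie.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Security;

// Hypothetical handler: sets the principal that System.Web.Http's [Authorize] reads.
public class FormsTicketHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Default to an unauthenticated principal so an identity supplied by the
        // host (for example Windows credentials) is never trusted by accident.
        IPrincipal principal =
            new GenericPrincipal(new GenericIdentity(string.Empty), new string[0]);

        var ticket = ReadTicket(request);
        if (ticket != null && !ticket.Expired)
        {
            // Roles come from the configured role provider, if one is enabled.
            var roles = Roles.Enabled ? Roles.GetRolesForUser(ticket.Name) : new string[0];
            principal = new GenericPrincipal(new FormsIdentity(ticket), roles);
        }

        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
            HttpContext.Current.User = principal;

        return base.SendAsync(request, cancellationToken);
    }

    private static FormsAuthenticationTicket ReadTicket(HttpRequestMessage request)
    {
        var name = FormsAuthentication.FormsCookieName;
        var cookie = request.Headers.GetCookies(name).FirstOrDefault();
        if (cookie == null || string.IsNullOrEmpty(cookie[name].Value))
            return null;
        // A tampered or malformed ticket is treated as "no ticket", never as an error page.
        try { return FormsAuthentication.Decrypt(cookie[name].Value); }
        catch (ArgumentException) { return null; }
        catch (CryptographicException) { return null; }
    }
}
```

Register it once at startup with `config.MessageHandlers.Add(new FormsTicketHandler());` on the application's `HttpConfiguration`. Because the browser attaches the cookie automatically, state-changing API actions authenticated this way also need anti-forgery token validation.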
