Configuring WebAPI for Forms Authentication
Question
I'm working with Web API and trying to implement forms auth. My application is using simpleMembership. For some reason my controllers are reverting to my Windows credentials to check and see if a request is authenticated, when it should just be using simpleMembership against my app's database:
I've disabled Windows and anonymous auth in the app and in my applicationhost config file... what else needs to be done?
Recommended answer
In your API controllers, when you need to enforce authentication (non-public controllers or actions) you need to use the [Authorize] attribute at either the controller or action level, according to your needs. Please note this is the attribute implemented in System.Web.Http, not the one in System.Web.Mvc.
The one you use for API controllers checks Thread.CurrentPrincipal.Identity.IsAuthenticated instead of HttpContext.User.Identity.IsAuthenticated, as System.Web.Mvc.AuthorizeAttribute does.
You need to populate this Principal on each request, usually by using a DelegatingHandler, which is explained on this link:
http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/
In the link above, the author is using Basic HTTP Authentication, which transmits the credentials in plain text on each request; but you can implement your own authentication strategy in order to populate the Principal, which is all you need.
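One way to populate the principal from the Forms Authentication cookie in a DelegatingHandler, as the answer describes. This is an added example, not code from the original post or the linked article; it assumes IIS hosting and that a login action elsewhere has already issued the standard forms ticket cookie, and FormsTicketHandler is a hypothetical name.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Security;

// Hypothetical handler name. Register in WebApiConfig.Register with:
//   config.MessageHandlers.Add(new FormsTicketHandler());
public class FormsTicketHandler : DelegatingHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // Fail closed: without a valid ticket, install an anonymous principal
        // so a Windows identity already on the thread cannot satisfy the
        // Web API [Authorize] check (which reads Thread.CurrentPrincipal).
        IPrincipal principal = ReadTicket(request)
            ?? new GenericPrincipal(new GenericIdentity(""), new string[0]);
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null) HttpContext.Current.User = principal;
        return base.SendAsync(request, cancellationToken);
    }

    private static IPrincipal ReadTicket(HttpRequestMessage request)
    {
        var cookie = request.Headers.GetCookies(FormsAuthentication.FormsCookieName)
                            .FirstOrDefault();
        if (cookie == null) return null;
        string value = cookie[FormsAuthentication.FormsCookieName].Value;
        if (string.IsNullOrEmpty(value)) return null;
        try
        {
            // Decrypt rejects malformed values; expiry is checked separately.
            var ticket = FormsAuthentication.Decrypt(value);
            if (ticket == null || ticket.Expired) return null;
            string[] roles = Roles.Enabled
                ? Roles.GetRolesForUser(ticket.Name) : new string[0];
            return new GenericPrincipal(new FormsIdentity(ticket), roles);
        }
        catch (ArgumentException) { return null; }
        catch (CryptographicException) { return null; }
        catch (HttpException) { return null; }
    }
}
```

Because the browser attaches the forms cookie automatically, state-changing API actions authenticated this way also need anti-forgery protection.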