使用集成Windows身份验证从MVC应用程序调用Web API [英] Call Web API from MVC Application with Integrated Windows Authentication
问题描述
我有一个MVC应用程序和一个关联的Web API项目,它们都托管在IIS上的远程服务器上。它们共享相同的应用程序池。每当我尝试从MVC应用程序调用Web API时,我都会收到403错误,这似乎来自HttpClientHandler传递的错误凭据。我有
I have an MVC Application and an associated Web API project that are both hosted on a remote server on IIS. They share the same application pool. Whenever I try to make a call to the Web API from the MVC Application I get a 403 error, which appears to be coming from bad credentials being passed by the HttpClientHandler. I have
UseDefaultCredentials = true
我试过设置
Credentials = CredentialCache.DefaultNetworkCredentials
但这些都不允许API请求通过。
but neither of these allows the API request to go through.
设置使用我的AD用户名/密码的应用程序池允许所有API请求通过,并且直接从Postman调用API可以正确地返回数据。
Setting the Application Pool to use my AD Username/Password allows all API requests to go through, and also calling the API directly from Postman returns data properly.
我的假设是IIS AppPool [Pool Name]在请求中转发,并且永远不会传递正确的凭据。反正这有没有使API不安全(即,只有几个域组应该能够访问它)?
My assumption is that IIS AppPool[Pool Name] is getting forwarded in the request, and the proper credentials are never passed. Is there anyway around this without making the API unsecure (I.e. only a couple of domain groups should be able to access it)?
我从MVC应用程序调用API的示例
Example of a call I'm making to the API from the MVC application
public async Task<HttpResponseMessage> CreateIncident(Incident model)
{
using (var client = new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }))
{
var newIncident = new StringContent(JsonConvert.SerializeObject(model), Encoding.UTF8, "application/json");
var response = await client.PostAsync(hostUri, newIncident);
return response;
}
}
推荐答案
你可以在这个GitHub讨论页面上找到如何模拟已经过身份验证的(windows)用户: https:/ /github.com/aspnet/Home/issues/1805
You can find out how to impersonate an already authenticated (windows) user at this GitHub discussion page: https://github.com/aspnet/Home/issues/1805
ilanc有一个非常好的演示,底部有一个链接。
ilanc has a really good demo with a link towards the bottom.
这篇关于使用集成Windows身份验证从MVC应用程序调用Web API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
