WebApi 身份验证不适用于 MVC
WebApi Authentication is not applied to MVC
我有 ASP.NET 个带有自定义身份验证服务器的 MVC 应用程序。当用户想要登录时,应用程序弹出 window,完成后,令牌 returns,然后应用程序通过 WebApi 登录用户,
var cl = from d in (this.User.Identity as ClaimsIdentity).Claims
select new Claim(d.Type, d.Value);
var identity = new ClaimsIdentity(cl, "ApplicationCookie");
AuthenticationManager.SignIn(identity);
var name = cl.FirstOrDefault(x => x.Type.ToLower() == "login").Value;
Thread.CurrentPrincipal = new TaiAuthPrincipal(identity);
System.Web.Security.FormsAuthentication.SetAuthCookie(name, true);
并且在每个请求上 - WebApi 知道谁是用户,意思是 User.Identity 已定义;
但在 MVC 视图中,它始终为 null 并且 none of this execute
<div class="headerPane">
@{
if (User.Identity.IsAuthenticated)
{
@Html.Partial("HeaderPartialView")
}
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.Partial("HeaderPartialView")
}
if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
@Html.Partial("HeaderPartialView")
}
}
</div>
如何验证从 Web api 到 mvc 的用户?
前端基于 angularjs 的应用程序,因此所有授权内容都在前端通过 webapi 请求完成。所以 mvc 根本不知道任何事情。
为了完整起见,这就是TaiAuthPrincipal,确实没有什么特别的
public class TaiAuthPrincipal : IPrincipal
{
private IIdentity identity;
public IIdentity Identity
{
get { return identity; }
}
public bool IsInRole(string role)
{
var _role = (this.Identity as ClaimsIdentity).Claims.FirstOrDefault(x => x.Type.ToLower().Contains("GroupName".ToLower()));
return _role == null ? false : true;
}
public TaiAuthPrincipal(IIdentity _identity)
{
this.identity = _identity;
}
public TaiAuthPrincipal(ClaimsIdentity _identity)
{
this.identity = _identity as IIdentity;
}
}
Global.asax
void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.Request.Url.AbsolutePath.StartsWith("/api/"))
{
System.Web.HttpContext.Current.SetSessionStateBehavior(System.Web.SessionState.SessionStateBehavior.Required);
}
}
Startup.cs
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
app.MapSignalR();
app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
}
}
如果您在 MVC 应用程序的同一个项目中制作 Web Api 那么您验证 Web 请求的方法是完全错误的。当您通过调用一个操作来请求您的视图时,您的 mvc 项目需要一个经过身份验证的请求,所以您需要做的是将您的访问令牌保存在客户端的 cookie 中,并随每个请求将其发送到服务器,并从该令牌中识别用户和设置 IPrincipal。看完这个答案会对你有帮助
ASP.NET MVC - Set custom IIdentity or IPrincipal
您的代码将如下所示
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
JavaScriptSerializer serializer = new JavaScriptSerializer();
CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(authTicket.UserData);
CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);
newUser.Id = serializeModel.Id;
newUser.FirstName = serializeModel.FirstName;
newUser.LastName = serializeModel.LastName;
HttpContext.Current.User = newUser;
}
}
我有 ASP.NET 个带有自定义身份验证服务器的 MVC 应用程序。当用户想要登录时,应用程序弹出 window,完成后,令牌 returns,然后应用程序通过 WebApi 登录用户,
var cl = from d in (this.User.Identity as ClaimsIdentity).Claims
select new Claim(d.Type, d.Value);
var identity = new ClaimsIdentity(cl, "ApplicationCookie");
AuthenticationManager.SignIn(identity);
var name = cl.FirstOrDefault(x => x.Type.ToLower() == "login").Value;
Thread.CurrentPrincipal = new TaiAuthPrincipal(identity);
System.Web.Security.FormsAuthentication.SetAuthCookie(name, true);
并且在每个请求上 - WebApi 知道谁是用户,意思是 User.Identity 已定义;
但在 MVC 视图中,它始终为 null 并且 none of this execute
<div class="headerPane">
@{
if (User.Identity.IsAuthenticated)
{
@Html.Partial("HeaderPartialView")
}
if (HttpContext.Current.User.Identity.IsAuthenticated)
{
@Html.Partial("HeaderPartialView")
}
if (System.Threading.Thread.CurrentPrincipal.Identity.IsAuthenticated)
{
@Html.Partial("HeaderPartialView")
}
}
</div>
如何验证从 Web api 到 mvc 的用户? 前端基于 angularjs 的应用程序,因此所有授权内容都在前端通过 webapi 请求完成。所以 mvc 根本不知道任何事情。
为了完整起见,这就是TaiAuthPrincipal,确实没有什么特别的
public class TaiAuthPrincipal : IPrincipal
{
private IIdentity identity;
public IIdentity Identity
{
get { return identity; }
}
public bool IsInRole(string role)
{
var _role = (this.Identity as ClaimsIdentity).Claims.FirstOrDefault(x => x.Type.ToLower().Contains("GroupName".ToLower()));
return _role == null ? false : true;
}
public TaiAuthPrincipal(IIdentity _identity)
{
this.identity = _identity;
}
public TaiAuthPrincipal(ClaimsIdentity _identity)
{
this.identity = _identity as IIdentity;
}
}
Global.asax
void MvcApplication_PostAuthenticateRequest(object sender, EventArgs e)
{
if (HttpContext.Current.Request.Url.AbsolutePath.StartsWith("/api/"))
{
System.Web.HttpContext.Current.SetSessionStateBehavior(System.Web.SessionState.SessionStateBehavior.Required);
}
}
Startup.cs
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
app.MapSignalR();
app.UseOAuthBearerAuthentication(new Microsoft.Owin.Security.OAuth.OAuthBearerAuthenticationOptions());
}
}
如果您在 MVC 应用程序的同一个项目中制作 Web Api 那么您验证 Web 请求的方法是完全错误的。当您通过调用一个操作来请求您的视图时,您的 mvc 项目需要一个经过身份验证的请求,所以您需要做的是将您的访问令牌保存在客户端的 cookie 中,并随每个请求将其发送到服务器,并从该令牌中识别用户和设置 IPrincipal。看完这个答案会对你有帮助
ASP.NET MVC - Set custom IIdentity or IPrincipal
您的代码将如下所示
protected void Application_PostAuthenticateRequest(Object sender, EventArgs e)
{
HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName];
if (authCookie != null)
{
FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
JavaScriptSerializer serializer = new JavaScriptSerializer();
CustomPrincipalSerializeModel serializeModel = serializer.Deserialize<CustomPrincipalSerializeModel>(authTicket.UserData);
CustomPrincipal newUser = new CustomPrincipal(authTicket.Name);
newUser.Id = serializeModel.Id;
newUser.FirstName = serializeModel.FirstName;
newUser.LastName = serializeModel.LastName;
HttpContext.Current.User = newUser;
}
}