Owin 自托管 WebApi Windows 身份验证和匿名
Owin Self-Host WebApi Windows Authentication and Anonymous
我有一个自托管的 Owin WebAPI。我想通过身份验证保护一些路由。大多数路线应该可以匿名访问。
我已经成功实现了 Windows-Auth,但现在我在匿名访问标有 [AllowAnonymous] 的路由时尝试访问它们时得到 401 - Unauthorized。如果我使用有效凭据调用该方法,一切正常。
完美的解决方案是默认允许匿名,并且仅当操作具有 [Authorize] 属性时才需要凭据。
Owin 配置
public void Configuration(IAppBuilder appBuilder)
{
// Enable Windows Authentification
HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
appBuilder.Use(typeof(WinAuthMiddleware));
appBuilder.UseWebApi(config);
}
WinAuth OwinMiddleware
public class WinAuthMiddleware : OwinMiddleware
{
public WinAuthMiddleware(OwinMiddleware next) : base(next) {}
public async override Task Invoke(IOwinContext context)
{
WindowsPrincipal user = context.Request.User as WindowsPrincipal;
//..
}
}
一个示例操作
public class ValuesController : ApiController
{
[AllowAnonymous] // attribute gets ignored
[Route("Demo")]
[HttpGet]
public string Get()
{
//..
}
}
您的问题是您将 HttpListener 配置为仅支持 Windows 身份验证。这类似于仅使用 Windows 身份验证配置 IIS 站点:对该站点的每个请求都必须经过 windows 身份验证。
要有选择地激活身份验证,您需要通过将配置更改为此
来允许Windows身份验证和匿名身份验证
public void Configuration(IAppBuilder appBuilder)
{
// Enable Windows Authentification and Anonymous authentication
HttpListener listener =
(HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes =
AuthenticationSchemes.IntegratedWindowsAuthentication |
AuthenticationSchemes.Anonymous;
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
appBuilder.Use(typeof(WinAuthMiddleware));
appBuilder.UseWebApi(config);
}
这样做,您的标准 [Authorize] 和 [AllowAnymous] 标签就会开始按预期工作。
我有一个自托管的 Owin WebAPI。我想通过身份验证保护一些路由。大多数路线应该可以匿名访问。
我已经成功实现了 Windows-Auth,但现在我在匿名访问标有 [AllowAnonymous] 的路由时尝试访问它们时得到 401 - Unauthorized。如果我使用有效凭据调用该方法,一切正常。
完美的解决方案是默认允许匿名,并且仅当操作具有 [Authorize] 属性时才需要凭据。
Owin 配置
public void Configuration(IAppBuilder appBuilder)
{
// Enable Windows Authentification
HttpListener listener = (HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
appBuilder.Use(typeof(WinAuthMiddleware));
appBuilder.UseWebApi(config);
}
WinAuth OwinMiddleware
public class WinAuthMiddleware : OwinMiddleware
{
public WinAuthMiddleware(OwinMiddleware next) : base(next) {}
public async override Task Invoke(IOwinContext context)
{
WindowsPrincipal user = context.Request.User as WindowsPrincipal;
//..
}
}
一个示例操作
public class ValuesController : ApiController
{
[AllowAnonymous] // attribute gets ignored
[Route("Demo")]
[HttpGet]
public string Get()
{
//..
}
}
您的问题是您将 HttpListener 配置为仅支持 Windows 身份验证。这类似于仅使用 Windows 身份验证配置 IIS 站点:对该站点的每个请求都必须经过 windows 身份验证。
要有选择地激活身份验证,您需要通过将配置更改为此
来允许Windows身份验证和匿名身份验证public void Configuration(IAppBuilder appBuilder)
{
// Enable Windows Authentification and Anonymous authentication
HttpListener listener =
(HttpListener)appBuilder.Properties["System.Net.HttpListener"];
listener.AuthenticationSchemes =
AuthenticationSchemes.IntegratedWindowsAuthentication |
AuthenticationSchemes.Anonymous;
HttpConfiguration config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
appBuilder.Use(typeof(WinAuthMiddleware));
appBuilder.UseWebApi(config);
}
这样做,您的标准 [Authorize] 和 [AllowAnymous] 标签就会开始按预期工作。