经过身份验证的用户在 web api owin 中间件中丢失
Authenticated user is lost in web api owin middleware
我正在使用 owin middleware 和 Jwt Bearer Aurhentication 以及 Autofac 来帮助我的 Webapi 处理请求。
JwtBearerAuthentication 中间件工作正常并将 HttpContext.Current.User.Identity.IsAuthenticated 设置为 true 并且它一直持续到管道到达 webapi middleware ,在我的 webapi 认证用户丢失
中间件顺序如下:
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
WebApiConfig.Register(config);
#region Autofac config
var container = AutofacWebapiConfig.Initialize(GlobalConfiguration.Configuration);
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
#endregion
#region RoutConfig
RouteConfig.RegisterRoutes(RouteTable.Routes);
#endregion
//Register middlewares
app.UseAutofacMiddleware(container);
app.UseAutofacWebApi(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseJwtBearerAuthentication(new MyJwtAuthenticationOptions());
app.Use<RedirectUnAuthenticateRequestsMiddleware>();
app.Use<ReadBodyMiddleware>();
app.UseWebApi(config); //in this middleware authenticated user is lost
}
这是我的 WebApiConfig class:
public static void Register(HttpConfiguration config)
{
// Owin auth
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter("Signature"));
GlobalConfiguration.Configuration.IncludeErrorDetailPolicy =
IncludeErrorDetailPolicy.Always;
// Web API routes
config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
config.MapHttpAttributeRoutes();
config.Services.Insert(typeof(ModelBinderProvider), 0,
new SimpleModelBinderProvider(typeof(DocumentModel), new FromFormDataBinding()));
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
你有什么想法吗?
Update:
在认证中间件之后的owin中间件里面,IsAuthenticated设置为true
public override async Task Invoke(IOwinContext context)
{
var isAuth=context.Request.User.Identity.IsAuthenticated;//It is true as expected.
await Next.Invoke(context);
return;
}
但是当它到达我的控制器时
HttpContext.Current.User.Identity.IsAuthenticated;//It is false.
问题出在 WebApiConfig class;
中的这一行
config.SuppressDefaultHostAuthentication();
当我发表评论时,问题消失了,经过身份验证的用户仍然存在于 webapi 中。
我正在使用 owin middleware 和 Jwt Bearer Aurhentication 以及 Autofac 来帮助我的 Webapi 处理请求。
JwtBearerAuthentication 中间件工作正常并将 HttpContext.Current.User.Identity.IsAuthenticated 设置为 true 并且它一直持续到管道到达 webapi middleware ,在我的 webapi 认证用户丢失
中间件顺序如下:
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
WebApiConfig.Register(config);
#region Autofac config
var container = AutofacWebapiConfig.Initialize(GlobalConfiguration.Configuration);
config.DependencyResolver = new AutofacWebApiDependencyResolver(container);
#endregion
#region RoutConfig
RouteConfig.RegisterRoutes(RouteTable.Routes);
#endregion
//Register middlewares
app.UseAutofacMiddleware(container);
app.UseAutofacWebApi(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseJwtBearerAuthentication(new MyJwtAuthenticationOptions());
app.Use<RedirectUnAuthenticateRequestsMiddleware>();
app.Use<ReadBodyMiddleware>();
app.UseWebApi(config); //in this middleware authenticated user is lost
}
这是我的 WebApiConfig class:
public static void Register(HttpConfiguration config)
{
// Owin auth
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter("Signature"));
GlobalConfiguration.Configuration.IncludeErrorDetailPolicy =
IncludeErrorDetailPolicy.Always;
// Web API routes
config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
config.MapHttpAttributeRoutes();
config.Services.Insert(typeof(ModelBinderProvider), 0,
new SimpleModelBinderProvider(typeof(DocumentModel), new FromFormDataBinding()));
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
你有什么想法吗?
Update:
在认证中间件之后的owin中间件里面,IsAuthenticated设置为true
public override async Task Invoke(IOwinContext context)
{
var isAuth=context.Request.User.Identity.IsAuthenticated;//It is true as expected.
await Next.Invoke(context);
return;
}
但是当它到达我的控制器时
HttpContext.Current.User.Identity.IsAuthenticated;//It is false.
问题出在 WebApiConfig class;
config.SuppressDefaultHostAuthentication();
当我发表评论时,问题消失了,经过身份验证的用户仍然存在于 webapi 中。