ASP.NET MVC 3匿名授权不起作用
[英]ASP.NET mvc 3 Anonymous Authorization not working
问题描述
I have a strange issue that of course only occurs on our production box. 
我有一个奇怪的问题,它当然只会在生产盒上发生。 It works on our test server and on my box. 它适用于我们的测试服务器和我的盒子。
I have an ASP.NET MVC 3 controller that is serving exposing a RESTful API. 我有一个ASP.NET MVC 3控制器,用于公开RESTful API。 I have enabled anonymous users to call these service with the code shown below. 我已使匿名用户可以使用下面显示的代码来调用这些服务。 Calling these methods via GET works just fine (using WebRequest). 通过GET调用这些方法可以很好地工作(使用WebRequest)。 However, when trying to POST data (using HttpClient) it fails with a 401 error. 但是,尝试发布数据(使用HttpClient)时会失败,并显示401错误。
This web service is hosted within another IIS site which uses Windows Auth. 该Web服务托管在另一个使用Windows Auth的IIS站点中。 But I configured this directory to allow Anonymous and disabled windows auth. 但我将此目录配置为允许匿名和禁用的Windows身份验证。 It lives in /Areas/Services under the main site. 它位于主站点下的/ Areas / Services中。
I have configured IIS to allow Anonymous authentication and even enabled it in the web.config. 我已将IIS配置为允许匿名身份验证,甚至在web.config中启用了它。 However, when I try to POST data to this controller, I get back "401 - Unauthorized: Access is denied due to invalid credentials". 但是,当我尝试将数据发布到该控制器时,我得到“ 401-未经授权:由于无效的凭据而拒绝访问”。 I don't want any credentials! 我不需要任何凭证! Again, GET on this same controller works fine anonymously. 同样,在同一控制器上的GET可以匿名正常工作。
This seems to be a configuration issue (since it works in QA) but I do not know any other things to configure. 这似乎是一个配置问题(因为它可以在质量检查中使用),但是我不知道要配置什么其他内容。 I have been configuring IIS websites for anonymous/windows/forms auth for 10 years but have never run into anything like this before. 我已经为匿名/ Windows /窗体身份验证配置IIS网站已有10年了,但是之前从未遇到过类似的情况。
Here is the code that allows MVC 3 to serve these methods up to anyone: 这是允许MVC 3向任何人提供这些方法的代码:
[AuthorizeAnonymous]
public class LtWebsiteController : Controller
{
...
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = false)]
public class AuthorizeAnonymousAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (!(filterContext.Controller is LtWebsiteController))
base.OnAuthorization(filterContext);
}
}
This is driving me nuts! 这真让我发疯! Please help. 请帮忙。
1 个解决方案
解决方案1
1 已采纳 2015-03-27 13:59:00
You are likely missing HTTP headers for NTLM authentication. 您可能缺少用于NTLM身份验证的HTTP标头。 I would configure HttpClient to send the right credentials as part of the request. 我将HttpClient配置为发送正确的凭据作为请求的一部分。
HttpClientHandler handler = new HttpClientHandler()
{
UseDefaultCredentials = true
};
HttpClient client = new HttpClient(handler);
It's confusing since you are enabling anonymous authentication. 由于您启用了匿名身份验证,因此很混乱。 But, with Windows Authentication the request needs to have proper headers. 但是,使用Windows身份验证,请求需要具有适当的标头。 A 401 tells me the server flat out rejects the HTTP request. 401告诉我服务器完全拒绝HTTP请求。
http://www.asp.net/web-api/overview/security/integrated-windows-authentication http://www.asp.net/web-api/overview/security/integrated-windows-authentication
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.