在未经授权的情况下调用RESTful API是否有问题?
[英]Having problems making a call to RESTful api without authorization?
问题描述
I need to call a RESTful API without any authorization. 
我需要未经任何授权就调用RESTful API。 The API utilizes its own custom authorization. API利用其自己的自定义授权。 I can successfully access the API utilizing Postman, but from my application the call to the exact same URL fails with "Access Denied". 我可以使用Postman成功访问API,但是从我的应用程序中调用相同的URL失败,并显示“访问被拒绝”。 The only difference I can see is Postman is set to "No Auth" 我唯一看到的区别是邮递员设置为“无身份验证”
Here is the code making the call: 这是进行调用的代码:
var task = client.GetAsync(url)
.ContinueWith((taskwithresponse) =>
{
var response = taskwithresponse.Result;
var jsonString = response.Content.ReadAsStringAsync();
jsonString.Wait();
var model = JsonConvert.DeserializeObject<object>(jsonString.Result).ToString();
});
task.Wait();
I've been searching for over an hour and can't find anything regarding this. 我已经搜索了一个多小时,却找不到与此有关的任何内容。 Any help is greatly appreciated. 任何帮助是极大的赞赏。
Here are the headers returned from Postman : 这是Postman返回的标头:
Access-Control-Allow-Headers → Content-Type
Access-Control-Allow-Methods → GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin → *
Cache-Control → no-cache
Content-Length → 70838
Content-Type → application/json; charset=utf-8
Date → Wed, 02 Dec 2015 18:10:13 GMT
Expires → -1
Persistent-Auth → false
Pragma → no-cache
Server → Microsoft-IIS/7.5
WWW-Authenticate → Negotiate oYG2MIGzoAMKAQChCwYJKoZIgvcSAQICooGeBIGbYIGYBgkqhkiG9xIBAgICAG+BiDCBhaADAgEFoQMCAQ+ieTB3oAMCARKicARuLFrwoBSpoL7PwlX1E3MEnL7ub3KtmgZG2iGIfYqY+QyGXI1btpDaiLIBFstpQeunfY8DvHV/dcTbsVSeGW/ciuM/aZi1nG2AfHjlu6neYlTJTASF2bGv/M1EKkZRDvRoND2uLbfGdiXzrN5+M3U=
X-AspNet-Version →
X-AspNet-Version
Custom header
4.0.30319
X-Powered-By → ASP.NET
X-UA-Compatible → IE=edge
No headers are being sent from Postman. 没有邮递员发送标头。
1 个解决方案
解决方案1
2 2015-12-02 18:31:52
Looks like the rest service is using NTLM or Kerberos security token to authenticate. 看起来其余服务正在使用NTLM或Kerberos安全令牌进行身份验证。 Postman is automatically sending the information of windows identity. 邮递员会自动发送Windows身份信息。 Via C# code you have to explicitly specify the Windows Identity as Identity token for impersonation. 通过C#代码,您必须将Windows Identity明确指定为用于模拟的Identity令牌。
Try WebClient instead of HttpClient and use Default : 尝试使用WebClient而不是HttpClient并使用Default:
var wi = (WindowsIdentity)HttpContext.User.Identity;
var wic = wi.Impersonate();
using (var client = new WebClient { UseDefaultCredentials = true })
{
client.DownloadStringAsync(url);
}
wic.Undo();
if Async doesn't work try sync method DownloadString . 如果Async不起作用,请尝试同步方法DownloadString 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.