WebAPI授权
[英]WebAPI Authorization
问题描述
I've got a local site running MVC5 WebApi 2. I have the default AccountController on there, and I've got a WebApi controller I've locked down with the [Authorize] attribute so I need to be logged in. What I want to do is connect to it via UWP with authorization first. 
我有一个运行MVC5 WebApi 2的本地站点。我在该站点上有默认的AccountController,并且我已经用[Authorize]属性锁定了一个WebApi控制器,因此我需要登录。要做的是首先通过具有授权的UWP连接到它。
The default Login POST method looks like this: 默认的Login POST方法如下所示:
//
// POST: /Account/Login
[HttpPost]
[AllowAnonymous]
[ValidateAntiForgeryToken]
public async Task<ActionResult> Login(LoginViewModel model, string returnUrl)
{
if (!ModelState.IsValid)
{
return View(model);
}
// This doesn't count login failures towards account lockout
// To enable password failures to trigger account lockout, change to shouldLockout: true
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
switch (result)
{
case SignInStatus.Success:
return RedirectToLocal(returnUrl);
case SignInStatus.LockedOut:
return View("Lockout");
case SignInStatus.RequiresVerification:
return RedirectToAction("SendCode", new { ReturnUrl = returnUrl, RememberMe = model.RememberMe });
case SignInStatus.Failure:
default:
ModelState.AddModelError("", "Invalid login attempt.");
return View(model);
}
}
If I try to use Postman to POST to that URL I get an error on anti-forgery token. 如果我尝试使用邮递员过帐到该URL,则会收到有关防伪令牌的错误消息。 Just wondering what I need to do both on the Web Api 2 end and the UWP end to get it going. 只是想知道我需要在Web Api 2端和UWP端上做什么才能使其正常运行。 On the UWP end I'm trying to set this up via a Windows.Web.Http.HttpClient on the login button click in my XAML. 在UWP端,我试图通过Windows.Web.Http.HttpClient的登录按钮上的XAML进行设置。 Don't have code for that yet as I was testing in Postman first to see what I need to do to get a connection. 当我首先在Postman中进行测试时,还没有相应的代码,以查看获得连接所需的操作。 Do I need to add a method on AccountController that bypasses the anti-forgery token and just takes a username/password on a POST method, or is that not recommended? 我是否需要在AccountController上添加一个绕过防伪令牌并仅在POST方法上使用用户名/密码的方法,还是不建议这样做?
So my UWP just has a textbox for username and password, I want to connect to my web server via 所以我的UWP只有一个用于输入用户名和密码的文本框,我想通过以下方式连接到我的Web服务器
1 个解决方案
解决方案1
0 已采纳 2017-05-19 23:54:27
You need to add the 'RequestVerificationToken' header to the postman request to test. 您需要在邮递员请求中添加“ RequestVerificationToken”标头进行测试。 You will also need to implement your own way to actually get the token from the api for testing. 您还需要实现自己的方式来从api实际获取令牌以进行测试。 Something like: 就像是:
[HttpPost]
[AllowAnonymous]
public IActionResult GetToken()
{
string cookieToken, formToken;
System.Web.Helpers.AntiForgery.GetTokens(null, out cookieToken, out formToken);
return this.Ok(cookieToken + ":" + formToken);
}
For you application, you will need to add the equivalent of Razors @Html.AntiForgeryToken() to the page generation, and make sure you add the header the same as in testing to the requests. 对于您的应用程序,您将需要在页面生成中添加等效的Razors @ Html.AntiForgeryToken(),并确保您添加的标题与测试请求中的标题相同。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.