Authentication Filter not working with Authorization Filter in Web API
I am trying to create a custom Authentication filter for ASP.NET Web API. Below is the code for my authentication filter:
using System.Security.Claims;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

public class IDPAuthenticationFilter : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // ClaimsIdentity created with no authentication type
        var identity = new ClaimsIdentity();
        identity.AddClaim(new Claim(ClaimTypes.Name, "testUser"));
        identity.AddClaim(new Claim(ClaimTypes.Role, "client"));
        identity.AddClaim(new Claim("sub", "testUser"));   // Claim needs a type and a value
        identity.AddClaim(new Claim("APP:USERID", "50123"));
        var principal = new GenericPrincipal(identity, new string[] { });
        // Only the thread and HttpContext principals are set here
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;
        base.OnAuthorization(actionContext);
    }
}
I have configured the Authentication Filter globally and confirmed using a break-point that the filter is getting called.

config.Filters.Add(new IDPAuthenticationFilter());

The issue is that if I add the [System.Web.Http.Authorize] attribute to any controller then I get a 401 Unauthorized error. I am able to access the user name using User.Identity.Name in the controller action, but if I add the Authorize attribute I get the error. Is there anything I am missing?

Thanks for your time. Kindly add a comment in case any other information is required.
There were a couple of things that I was doing wrong. First, I needed to implement IAuthenticationFilter instead of AuthorizationFilterAttribute. Second, the way I was setting the identity was incorrect. Below is the code that worked for me.
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http.Filters;

public class IDPAuthenticationFilter : Attribute, IAuthenticationFilter
{
    public bool AllowMultiple => false;

    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        HttpRequestMessage request = context.Request;
        AuthenticationHeaderValue authorization = request.Headers.Authorization;
        if (authorization == null)
        {
            return Task.FromResult(0);   // no credentials: leave the request anonymous
        }
        if (authorization.Scheme != "Bearer")
        {
            return Task.FromResult(0);   // another scheme: not handled by this filter
        }

        var claims = new List<Claim>();
        claims.Add(new Claim(ClaimTypes.Name, "testUser"));
        claims.Add(new Claim(ClaimTypes.Role, "client"));
        claims.Add(new Claim("sub", "testUser"));
        claims.Add(new Claim("APP:USERID", "50123"));
        // Passing an authentication type makes identity.IsAuthenticated true
        var identity = new ClaimsIdentity(claims, "Auth_Key");
        var principal = new ClaimsPrincipal(new[] { identity });
        context.Principal = principal;   // the principal [Authorize] reads
        HttpContext.Current.User = context.Principal;
        Thread.CurrentPrincipal = context.Principal;
        return Task.FromResult(0);
    }

    // Required by IAuthenticationFilter; nothing is added to the response here
    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
    {
        return Task.FromResult(0);
    }
}
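As an added example, not code from the question or the answer: the filter in the answer treats any value after "Bearer " as proof of identity and always maps it to testUser, which is fine for a test stub but not for a deployed API. The version below keeps the same IAuthenticationFilter shape but only sets context.Principal after verifying an HMAC-signed, expiring token, answers a bad token with 401 plus a WWW-Authenticate: Bearer challenge, and gives the ClaimsIdentity an authentication type, since System.Web.Http.AuthorizeAttribute rejects any principal whose Identity.IsAuthenticated is false (ClaimsIdentity only reports true when an authentication type was supplied). The token format, the class name, the reuse of the APP:USERID claim and the hard-coded demo secret are assumptions made for this example; it targets Web API 2 on .NET Framework 4.6 or later with C# 7.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Filters;
using System.Web.Http.Results;

// Added example, not the poster's code. Assumed token format for the demo:
// base64url(payload) "." base64url(HMAC-SHA256(secret, payload)), payload = "userId|unixExpiry".
public class HmacBearerAuthenticationFilter : Attribute, IAuthenticationFilter
{
    // Assumption: in real code the key comes from configuration or a key vault, never source.
    private static readonly byte[] Secret = Encoding.UTF8.GetBytes("demo-secret-replace-me");
    public bool AllowMultiple => false;

    public Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue auth = context.Request.Headers.Authorization;
        // No credentials, or a scheme this filter does not own: stay anonymous and let
        // [Authorize] / [AllowAnonymous] decide. Never set a principal on this path.
        if (auth == null || !string.Equals(auth.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase))
            return Task.FromResult(0);
        if (!TryValidateToken(auth.Parameter, out ClaimsIdentity identity))
        {
            // Credentials were presented but are bad: an error, not anonymity.
            // Setting ErrorResult short-circuits the pipeline with this 401.
            context.ErrorResult = new UnauthorizedResult(
                new[] { new AuthenticationHeaderValue("Bearer", "error=\"invalid_token\"") }, context.Request);
            return Task.FromResult(0);
        }
        // context.Principal becomes RequestContext.Principal, which is what
        // System.Web.Http.AuthorizeAttribute inspects (it also requires IsAuthenticated).
        context.Principal = new ClaimsPrincipal(identity);
        return Task.FromResult(0);
    }

    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
    {
        // Attach "WWW-Authenticate: Bearer" to any 401 produced later in the pipeline.
        context.Result = new AddBearerChallengeResult(context.Result);
        return Task.FromResult(0);
    }

    // Verifies the MAC in constant time before trusting a single byte of the payload.
    public static bool TryValidateToken(string token, out ClaimsIdentity identity)
    {
        identity = null;
        string[] parts = (token ?? string.Empty).Split('.');
        if (parts.Length != 2) return false;
        byte[] payload, mac;
        try { payload = FromBase64Url(parts[0]); mac = FromBase64Url(parts[1]); }
        catch (FormatException) { return false; }
        using (var hmac = new HMACSHA256(Secret))
            if (!FixedTimeEquals(hmac.ComputeHash(payload), mac)) return false;
        string[] fields = Encoding.UTF8.GetString(payload).Split('|');
        if (fields.Length != 2 || !long.TryParse(fields[1], out long expiry)) return false;
        if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= expiry) return false;   // expired
        // Roles would normally come from the token or a user store; fixed here for the demo.
        var claims = new List<Claim> { new Claim(ClaimTypes.NameIdentifier, fields[0]),
                                       new Claim("APP:USERID", fields[0]), new Claim(ClaimTypes.Role, "client") };
        // The authentication-type argument is what makes ClaimsIdentity.IsAuthenticated true.
        identity = new ClaimsIdentity(claims, "Bearer");
        return true;
    }

    // Issuer side, included so the demo is self-contained; in practice this runs at login.
    public static string IssueToken(string userId, TimeSpan lifetime)
    {
        byte[] payload = Encoding.UTF8.GetBytes(userId + "|" + DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds());
        using (var hmac = new HMACSHA256(Secret))
            return ToBase64Url(payload) + "." + ToBase64Url(hmac.ComputeHash(payload));
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    private static string ToBase64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    private static byte[] FromBase64Url(string s)
    {
        string b64 = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }

    private sealed class AddBearerChallengeResult : IHttpActionResult
    {
        private readonly IHttpActionResult _inner;
        public AddBearerChallengeResult(IHttpActionResult inner) { _inner = inner; }
        public async Task<HttpResponseMessage> ExecuteAsync(CancellationToken ct)
        {
            HttpResponseMessage response = await _inner.ExecuteAsync(ct);
            if (response.StatusCode == HttpStatusCode.Unauthorized)
                response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Bearer"));
            return response;
        }
    }
}
```

Register it the same way as in the question, config.Filters.Add(new HmacBearerAuthenticationFilter()); and a quick offline self-check is HmacBearerAuthenticationFilter.IssueToken("50123", TimeSpan.FromMinutes(5)) fed back into TryValidateToken, which should return true with a "Bearer" authentication type, while a tampered or expired token returns false. Two design points worth keeping: a missing Authorization header leaves the request anonymous so [AllowAnonymous] endpoints still work, whereas a present but invalid token is rejected outright through ErrorResult; and the MAC is checked before the payload is parsed, so no untrusted bytes are interpreted until they are known to be genuine. If other code in the application reads HttpContext.Current.User or Thread.CurrentPrincipal, set them from context.Principal as the answer does; [Authorize] itself does not need them.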