
401 Unauthorized error on subsequent REST API requests

I am getting a 401 Unauthorized error on subsequent REST API requests, after the 1st successful response with 200 OK. See steps to reproduce below.

Steps to Reproduce:

  1. Authenticate and Get Authorization Token - Successful

  2. Submit First API Request - Successful

  3. Submit Subsequent API Request - 401 Unauthorized

Note: This works fine when I debug locally or deploy on Azure. However, I get 401 Unauthorized in one of my hosting environments, and the support staff are giving me a hard time and are not able to resolve this issue.

Note: You may see a different bearer token in my screenshots, but I am passing the same token in all requests.

  • Why is it giving issues only on 1 hosting environment and on subsequent requests?
  • Do I need any specific changes to my web.config file so my subsequent requests are recognized by the same bearer token?

Update-1: Below is the response from both my domain (401) and Azure (200 OK) put side-by-side. I see Azure additionally sends ARRAffinity and ARRAffinitySameSite in cookies. Hope this info might help.


I was missing the Machine Key in my web.config file, which is needed for a web farm, as my hosting environment uses 3 nameservers; it didn't recognize the token from the 2nd request onward.

From MS Docs: If you deploy an application in a Web farm, you must ensure that the configuration files on each server share the same value for validationKey and decryptionKey for Machine Key, which are used for hashing and decryption respectively. This is required as you can't guarantee which server will handle successive requests.

MS Docs: Webfarm Deployment Considerations
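
A simplified model of the failure described in the answer, added here as an example and not code from the original post: each farm node signs and checks the bearer token with an HMAC key standing in for the machine key's validationKey. The `Node`, `run_farm` and `demo` names, the token format and the round-robin balancer are assumptions for illustration; the real ASP.NET protection also encrypts with decryptionKey.

```python
import hashlib
import hmac
import secrets


class Node:
    """One farm server; `key` stands in for machineKey's validationKey (assumption)."""

    def __init__(self, validation_key=None):
        # No configured key: the node generates its own, like an auto-generated machine key.
        self.key = validation_key or secrets.token_bytes(32)

    def _mac(self, user):
        return hmac.new(self.key, user.encode(), hashlib.sha256).hexdigest()

    def issue_token(self, user):
        return f"{user}.{self._mac(user)}"

    def handle(self, token):
        # 200 only if the MAC verifies under THIS node's key.
        user, _, mac = token.rpartition(".")
        ok = hmac.compare_digest(mac.encode(), self._mac(user).encode())
        return 200 if ok else 401


def run_farm(nodes, requests=6, sticky=False):
    """Log in on node 0, then send `requests` calls carrying the same bearer token."""
    token = nodes[0].issue_token("alice")  # constructed sample user
    statuses = []
    for i in range(requests):
        # Round-robin balancer; sticky=True models an affinity cookie such as ARRAffinity.
        node = nodes[0] if sticky else nodes[i % len(nodes)]
        statuses.append(node.handle(token))
    return statuses


def demo():
    shared = secrets.token_bytes(32)  # constructed key: generate once, store as a secret
    return {
        "per_node_keys": run_farm([Node() for _ in range(3)]),
        "per_node_keys_sticky": run_farm([Node() for _ in range(3)], sticky=True),
        "shared_key": run_farm([Node(shared) for _ in range(3)]),
    }


if __name__ == "__main__":
    for name, statuses in demo().items():
        print(f"{name:22} {statuses}")
```

With per-node keys only the requests that land back on the issuing node succeed, which is why the same deployment can pass locally or behind instance affinity and still return 401 on a farm without a shared key.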
