[英]Custom basic authentication fails in IIS7
I have an ASP.NET MVC application, with some RESTful services that I'm trying to secure using custom basic authentication (they are authenticated against my own database). 我有一个ASP.NET MVC应用程序,有一些RESTful服务,我试图使用自定义基本身份验证来保护它们(它们是根据我自己的数据库进行身份验证)。 I have implemented this by writing an HTTPModule. 我已经通过编写HTTPModule实现了这一点。
I have one method attached to the HttpApplication.AuthenticateRequest event, which calls this method in the case of authentication failure: 我有一个方法附加到HttpApplication.AuthenticateRequest事件,该事件在身份验证失败的情况下调用此方法:
private static void RejectWith401(HttpApplication app)
{
app.Response.StatusCode = 401;
app.Response.StatusDescription = "Access Denied";
app.CompleteRequest();
}
This method is attached to the HttpApplication.EndRequest event: 此方法附加到HttpApplication.EndRequest事件:
public void OnEndRequest(object source, EventArgs eventArgs)
{
var app = (HttpApplication) source;
if (app.Response.StatusCode == 401)
{
string val = String.Format("Basic Realm=\"{0}\"", "MyCustomBasicAuthentication");
app.Response.AppendHeader("WWW-Authenticate", val);
}
}
This code adds the "WWW-Authenticate" header which tells the browser to throw up the login dialog. 此代码添加“WWW-Authenticate”标头,告诉浏览器抛出登录对话框。 This works perfectly when I debug locally using Visual Studio's web server. 当我使用Visual Studio的Web服务器进行本地调试时,这非常有效。 But it fails when I run it in IIS7. 但是当我在IIS7中运行它时失败了。
For IIS7 I have the built-in authentication modules all turned off, except anonymous. 对于IIS7,除了匿名之外,我都关闭了内置的身份验证模块。 It still returns an HTTP 401 response, but it appears to be removing the WWW-Authenticate header. 它仍然返回HTTP 401响应,但它似乎正在删除WWW-Authenticate标头。
Any ideas? 有任何想法吗?
I figured it out. 我想到了。 The problem was that I named this module, "BasicAuthenticationModule" which conflicted with another module IIS had built in. Once I renamed the module things worked just fine! 问题是我将这个模块命名为“BasicAuthenticationModule”,它与IIS内置的另一个模块冲突。一旦我重命名模块,一切工作正常!
Even though you have it working, this is something else to consider: 即使你有它工作,这是另外需要考虑的事情:
http://wcfrestcontrib.codeplex.com/wikipage?title=Web%20Authentication%20Overview&referringTitle=Home http://wcfrestcontrib.codeplex.com/wikipage?title=Web%20Authentication%20Overview&referringTitle=Home
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.