stackoom
  简体   繁体   中英

Authentication Filter not working with Authorization Filter in Web API

 原文  2019-03-28 09:21:00       c#/ asp.net/ asp.net-web-api/ asp.net-web-api-filters

Question

I am trying to create a custom Authentication filter for ASP.NET Web API. Below is the code for my authentication filter 

public class IDPAuthenticationFilter : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        var identity = new ClaimsIdentity();
        identity.AddClaim(new Claim(ClaimTypes.Name, "testUser"));
        identity.AddClaim(new Claim(ClaimTypes.Role, "client"));
        identity.AddClaim(new Claim("testUser"));
        identity.AddClaim(new Claim("APP:USERID", "50123"));

        var principal = new GenericPrincipal(identity, new string[] { });
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;

        base.OnAuthorization(actionContext);
    }
}

I have configured the Authentication Filter globally and confirmed using break-point that the filter is getting called. 

config.Filters.Add(new IDPAuthenticationFilter());

The issue is if I add [System.Web.Http.Authorize] attribute to any controller then I get 401 Unauthorized error. I am able to access user name using User.Identity.Name in the controller action, but if I add authorize attribute I get the error. Is there any thing I am missing.

Thanks for you time. Kindly add a comment in case any other information is required.

1 answers

solution1
 0 ACCPTED  2019-04-04 08:55:25

There were couple of things that I was doing wrong. First I needed to implement IAuthenticationFilter instead of AuthorizationFilterAttribute

Second the way I was setting the identity was incorrect. Below is the code that worked for me. 

public class IDPAuthenticationFilter : Attribute, IAuthenticationFilter 
{

    public bool AllowMultiple => false;

    public async Task AuthenticateAsync (HttpAuthenticationContext context, CancellationToken cancellationToken) 
    {

        HttpRequestMessage request = context.Request;
        AuthenticationHeaderValue authorization = request.Headers.Authorization;

        if (authorization == null) {
            return;
        }
        if (authorization.Scheme != "Bearer") {
            return;
        }

        var claims = new List<Claim> ();
        claims.Add (new Claim (ClaimTypes.Name, "testUser"));
        claims.Add (new Claim (ClaimTypes.Role, "client"));
        claims.Add (new Claim ("sub", "testUser"));
        claims.Add (new Claim("APP:USERID", "50123"));

        var identity = new ClaimsIdentity (claims, "Auth_Key");

        var principal = new ClaimsPrincipal (new [] { identity });
        context.Principal = principal;
        HttpContext.Current.User = context.Principal;
        Thread.CurrentPrincipal = context.Principal;

    }

}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Web API custom authentication filter Web API Authorization Filter not being hit ASP.NET Web API Authorization Filter Exception filter not working in web api How to add Web API authentication filter on Controller? ASP.NET Web API Override authorization filter for a handler OData filter is not working in my web api OData filter with "and" operator not working in Web Api WebAPI Basic Authentication Authorization Filter and machine keys Sending json response using Authentication filter in Web api controller?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM