
ASP.Net self-host web api. Auth ajax request, cookie doesn't get set

I am trying to write authorization with Sencha ExtJS on the client side and an ASP.NET self-hosted Web API on the server side. Here is my controller:

[HttpGet]
[HttpPost]
[Route("Login")]
public async Task<IHttpActionResult> Login(string ReturnUrl = "")
{
    // Decode the "Authorization: Basic base64(login:password)" header sent by the client
    var EncodedAuth = Request.Headers.Authorization.Parameter;
    var basicData = Encoding.ASCII.GetString(System.Convert.FromBase64String(EncodedAuth)).Split(':');
    var login = basicData[0];
    var password = basicData[1];
    var passwordHash = new PasswordHasher().HashPassword(password);
    // AppUser userDto = new AppUser {Name = model.Name, PasswordHash = model.Password};
    AppUser userDto = new AppUser {Name = login, PasswordHash = password};
    ClaimsIdentity claim = await AuthService.Authenticate(userDto);
    if (claim == null)
    {
        ModelState.AddModelError("", "Неверный логин или пароль.");
        return BadRequest("Неверный логин или пароль");
    }
    else
    {
        // Issue the persistent application cookie through the OWIN cookie middleware
        AuthenticationManager.SignOut();
        AuthenticationManager.SignIn(new AuthenticationProperties
        {
            IsPersistent = true
        }, claim);
    }

    return Ok();
}

Startup.cs:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        var config = new HttpSelfHostConfiguration("http://localhost:9000");

        HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
        string authMode = ConfigurationManager.AppSettings["AuthMode"];
        if (authMode == "windows")
            listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;

        app.CreatePerOwinContext(CreateAuthService);

        config.MapHttpAttributeRoutes();
        config.MessageHandlers.Add(new CustomHeaderHandler());
        config.EnsureInitialized();
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/api/Account/Login")
        });
        app.UseCors(CorsOptions.AllowAll);
        app.UseNinjectMiddleware(NinjectConfig.CreateKernel);
        app.UseNinjectWebApi(config);
    }

    private IAuthService CreateAuthService()
    {
        var serviceCreator = new ServiceCreator();
        return serviceCreator.CreateUserService("KCentralBaseConnection");
    }
}

public class CustomHeaderHandler : DelegatingHandler
{
    // Appends the CORS headers to every Web API response
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
    {
        return base.SendAsync(request, cancellationToken)
            .ContinueWith(task =>
            {
                HttpResponseMessage response = task.Result;
                response.Headers.Add("Access-Control-Allow-Origin", "http://127.0.0.1:1841");
                response.Headers.Add("Access-Control-Allow-Headers", "*");
                response.Headers.Add("Access-Control-Allow-Credentials", "true");
                response.Headers.Add("Access-Control-Expose-Headers", "Set-Cookie");
                return response;
            }, cancellationToken);
    }
}

And the Ajax request on the client:

onLoginButton: function(button) {
    var me = this;
    var form = button.up('form');

    var values = form.getValues();
    // Build the "login:password" pair for HTTP Basic authentication
    var credentials = values.login + ':' + values.password;
    var encoded = Base64.encode(credentials);
    Ext.Ajax.request({
        url: WebApiServerUrl + 'api/Account/Login',

        useDefaultXhrHeader: false,
        cors: true,

        headers: {
            'Authorization': 'Basic ' + encoded
        },
        params: {
            ReturnUrl: window.location.href
        },
        success: function (response) {
            window.location.replace(window.location.href);
            me.view.destroy();
        }
    });
}

The Login method executes successfully and returns the following response to the client:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:http://127.0.0.1:1841
Access-Control-Expose-Headers:Set-Cookie
Cache-Control:no-cache
Content-Length:0
Date:Fri, 15 Apr 2016 11:27:52 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-HTTPAPI/2.0
Set-Cookie:.AspNet.ApplicationCookie=AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAAVeoujy5JdkaH_QpkOzXnDgAAAAACAAAAAAAQZgAAAAEAACAAAACLPGlOfvi79s2kU5ufyi9f3e2NZmBSfKePhsb-Yrb--QAAAAAOgAAAAAIAACAAAADjnYtqzg1eo2OecgqcCR6FE6wStdA9G_KlLPpcUyOpwmABAAB9hv7RbAug93wiDtl6qarpgBavISxBqBjiBdQ1eRzAvucGgO19605M7rqiPQAPxV3ZidcRxsYnhKKKdYNFPPexahMARNIJHwK8Q0lwH8XwTW66URJFl631lx-C0flLQep_MpKvRlJcyZ15zF2UEkHk0A6QtrY2Ae_nDkMATxJb2J9QIo_2j5HXfuxfugIOvWtJcnfMXO1uksOrsXCiBqSSIff_V2MLSnMLfKh2yRsEeDgezgYP77oGyXdjNGdgtte7mzNGRlitkcY9ArCtcubY8Im3x_X7j_PjHObPzn9X41MdhhpBwD3POssrAYtv-LDbaIITGjY_7aSWsAYNaZF-ztqpqkvRlY3drs5J060UbMtywQK1FWjvO_kI7sdVsbhKtyHghAgGU6svwb1uNIXVOCY-gSMoBCtgpDsCv2CIhNTTNeqM3cE5GXibUkJxMa8uWLS_QKy_T65H7wwn97IgQAAAANlyJIlNsiytkzJoz01lZbk1FyZVXtkor21cA4H05bPjuc7Aj9qYE8xDm2PnmQ3z5zwvHr5uxTRB7kklUsD_oaI; path=/; expires=Fri, 29-Apr-2016 11:27:53 GMT; HttpOnly

Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Authorization:Basic QWRtaW46cGFzc3dvcmQ=
Connection:keep-alive
Content-Length:61
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:9000
Origin:http://127.0.0.1:1841
Referer:http://127.0.0.1:1841/Admin/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36

But the browser does not save the cookie (I tried in Chrome and IE), although in Postman I send the same request and the cookie works.

I solved this problem. I had to set WithCredentials: true in the Ajax.request both for the request that receives the cookie and for the requests that send it.
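Once `withCredentials: true` makes the browser attach the application cookie to cross-origin calls, the server's origin check is what decides which sites may use that cookie; the Startup above registers `CorsOptions.AllowAll`, which accepts any origin, and the handler sends `Access-Control-Allow-Headers: *`, which browsers read literally (not as a wildcard) on credentialed requests. As an added example, not code from the question, the answer, ExtJS or OWIN, the Node-runnable JavaScript below models the decision a CORS layer should make for a credentialed request: echo exactly one allowlisted origin, list methods and headers explicitly, and emit no `Access-Control-*` headers at all for an origin that is not on the list. The allowlist, the `corsDecision` function and the sample requests are constructed for this example.

```javascript
// Added example; not code from the question, the answer, ExtJS or OWIN.
// Models the server-side origin decision for credentialed (cookie) requests.
// The allowlist and the sample requests are constructed for this example.

// Origins that may call the API with the user's cookie attached.
const ALLOWED_ORIGINS = new Set(['http://127.0.0.1:1841']);
const ALLOWED_METHODS = ['GET', 'POST'];
// Listed explicitly: with credentials, browsers treat "*" here as a literal
// header name, not as a wildcard.
const ALLOWED_HEADERS = ['Authorization', 'Content-Type'];

function parseRequestedHeaders(value) {
  // "authorization, content-type" -> ['authorization', 'content-type']
  return (value || '').split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
}

// req = { method, headers } with lower-cased header names.
// Returns { allowed, preflight, headers }; headers are the Access-Control-*
// headers to put on the response (an empty object means send none).
function corsDecision(req) {
  const origin = req.headers['origin'];
  const headers = {};

  if (origin === undefined) {
    // No Origin header: same-origin navigation or a non-browser client such
    // as Postman. Nothing to add.
    return { allowed: true, preflight: false, headers };
  }

  if (!ALLOWED_ORIGINS.has(origin)) {
    // Unknown origin: send no CORS headers at all. Never echo the Origin back,
    // and never combine "*" with Access-Control-Allow-Credentials: true.
    return { allowed: false, preflight: false, headers };
  }

  // A credentialed response must name exactly one origin, and caches must be
  // told that the answer varies by Origin.
  headers['Access-Control-Allow-Origin'] = origin;
  headers['Access-Control-Allow-Credentials'] = 'true';
  headers['Vary'] = 'Origin';

  const preflight = req.method === 'OPTIONS' && 'access-control-request-method' in req.headers;
  if (!preflight) {
    return { allowed: true, preflight: false, headers };
  }

  const wantedMethod = req.headers['access-control-request-method'];
  const wantedHeaders = parseRequestedHeaders(req.headers['access-control-request-headers']);
  const allowedLower = ALLOWED_HEADERS.map(h => h.toLowerCase());
  if (!ALLOWED_METHODS.includes(wantedMethod) || !wantedHeaders.every(h => allowedLower.includes(h))) {
    // Refused preflight: the browser will not send the actual request.
    return { allowed: false, preflight: true, headers: {} };
  }
  headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
  headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
  headers['Access-Control-Max-Age'] = '600';
  return { allowed: true, preflight: true, headers };
}

// Constructed sample: the login POST from the question, and the same call
// from an origin that is not on the list.
const loginFromExtJs = { method: 'POST', headers: { origin: 'http://127.0.0.1:1841', 'content-type': 'application/x-www-form-urlencoded' } };
const loginFromElsewhere = { method: 'POST', headers: { origin: 'http://other.example' } };
console.log(corsDecision(loginFromExtJs).headers);     // echoes the ExtJS origin
console.log(corsDecision(loginFromElsewhere).headers); // {}
```

Two further points for anyone reproducing the setup today: `Access-Control-Expose-Headers: Set-Cookie` has no effect, because `Set-Cookie` is a forbidden response header that script can never read; whether the browser stores the cookie depends on `withCredentials` on the client and on the origin check on the server. Also, since the client (127.0.0.1:1841) and the API (localhost:9000) are different sites, current browsers treat a cookie without a `SameSite` attribute as `SameSite=Lax` and will not send it on such cross-site XHR calls at all; a cookie meant for cross-site use must be issued with `SameSite=None; Secure`, which in turn requires HTTPS.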
