[英]Authentication Filter not working with Authorization Filter in Web API
我正在嘗試為ASP.NET Web API創建自定義身份驗證篩選器。 以下是我的身份驗證過濾器的代碼
public class IDPAuthenticationFilter : AuthorizationFilterAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
var identity = new ClaimsIdentity();
identity.AddClaim(new Claim(ClaimTypes.Name, "testUser"));
identity.AddClaim(new Claim(ClaimTypes.Role, "client"));
identity.AddClaim(new Claim("testUser"));
identity.AddClaim(new Claim("APP:USERID", "50123"));
var principal = new GenericPrincipal(identity, new string[] { });
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
base.OnAuthorization(actionContext);
}
}
我已全局配置了身份驗證篩選器,並使用斷點確認正在調用該篩選器。
config.Filters.Add(new IDPAuthenticationFilter());
問題是,如果我將[System.Web.Http.Authorize]
屬性添加到任何控制器,則會出現401未經授權錯誤。 我可以在控制器操作中使用User.Identity.Name
訪問用戶名,但是如果添加授權屬性,則會出現錯誤。 有什么我想念的嗎?
謝謝您的時間。 如果需要其他信息,請添加評論。
我做錯了幾件事。 首先,我需要實現IAuthenticationFilter
而不是AuthorizationFilterAttribute
其次,我設置身份的方式不正確。 以下是對我有用的代碼。
public class IDPAuthenticationFilter : Attribute, IAuthenticationFilter
{
public bool AllowMultiple => false;
public async Task AuthenticateAsync (HttpAuthenticationContext context, CancellationToken cancellationToken)
{
HttpRequestMessage request = context.Request;
AuthenticationHeaderValue authorization = request.Headers.Authorization;
if (authorization == null) {
return;
}
if (authorization.Scheme != "Bearer") {
return;
}
var claims = new List<Claim> ();
claims.Add (new Claim (ClaimTypes.Name, "testUser"));
claims.Add (new Claim (ClaimTypes.Role, "client"));
claims.Add (new Claim ("sub", "testUser"));
claims.Add (new Claim("APP:USERID", "50123"));
var identity = new ClaimsIdentity (claims, "Auth_Key");
var principal = new ClaimsPrincipal (new [] { identity });
context.Principal = principal;
HttpContext.Current.User = context.Principal;
Thread.CurrentPrincipal = context.Principal;
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.