使用 HttpClient 授权 AD Group\User
Authorizing AD Group\User With HttpClient
每当我关闭匿名身份验证并尝试从 HttpClient 获得响应时,我都会收到 401 错误。
StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1,
Content: System.Net.Http.StreamContent, Headers:
{
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcUGFycmlzaFxEb2N1bWVudHNcJ0xSXFNvdXJjZVxBcHBzXExSUiBBRkVcTFJSX0FGLVxhcGlcYWZlXDg0QTk0NjVFQzg2QTQwQjNBNEJCNkJDOTI3MTFGRjNB?=
Cache-Control: private
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, 27 Aug 2018 18:14:05 GMT
Content-Length: 6166
Content-Type: text/html; charset=utf-8
}
为了测试,我让控制器对单个用户进行身份验证。
[Authorize(Users = @"Domain\Username")]
public class ExampleController : Controller
{
public async Task<ActionResult> Index(string exampleId)
{
var baseUrl = $"{Request.Url.Scheme}://{Request.Url.Authority}{Url.Content("~")}";
var client = new HttpClient(); // <-- This is WRONG*
var response = await client.GetAsync($"{baseUrl}api/example/{exampleId}");
var example = await response.Content.ReadAsAsync<ExampleModel>();
return View(example);
}
}
我研究过使用 HttpClient.DefaultRequestHeaders.Authentication,但我没有找到让它与 ActiveDirectory 一起工作的方法。我看过 here 但无法理解在这种情况下我从哪里获得授权令牌。
如果我手动创建一个新控制器并直接调用它而不是通过 API 这可行,但在那种情况下它真的没有验证任何东西,对吗?
*编辑:
正如 ADyson 指出的那样,我的错误是没有正确初始化 HttpClient。它应该是这样写的:
var client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
您需要设置 UseDefaultCredentials = true(在您传递给 HttpClient 的 HttpClientHandler 实例中)。
每当我关闭匿名身份验证并尝试从 HttpClient 获得响应时,我都会收到 401 错误。
StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1,
Content: System.Net.Http.StreamContent, Headers:
{
X-SourceFiles: =?UTF-8?B?QzpcVXNlcnNcUGFycmlzaFxEb2N1bWVudHNcJ0xSXFNvdXJjZVxBcHBzXExSUiBBRkVcTFJSX0FGLVxhcGlcYWZlXDg0QTk0NjVFQzg2QTQwQjNBNEJCNkJDOTI3MTFGRjNB?=
Cache-Control: private
Server: Microsoft-IIS/10.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
Date: Mon, 27 Aug 2018 18:14:05 GMT
Content-Length: 6166
Content-Type: text/html; charset=utf-8
}
为了测试,我让控制器对单个用户进行身份验证。
[Authorize(Users = @"Domain\Username")]
public class ExampleController : Controller
{
public async Task<ActionResult> Index(string exampleId)
{
var baseUrl = $"{Request.Url.Scheme}://{Request.Url.Authority}{Url.Content("~")}";
var client = new HttpClient(); // <-- This is WRONG*
var response = await client.GetAsync($"{baseUrl}api/example/{exampleId}");
var example = await response.Content.ReadAsAsync<ExampleModel>();
return View(example);
}
}
我研究过使用 HttpClient.DefaultRequestHeaders.Authentication,但我没有找到让它与 ActiveDirectory 一起工作的方法。我看过 here 但无法理解在这种情况下我从哪里获得授权令牌。
如果我手动创建一个新控制器并直接调用它而不是通过 API 这可行,但在那种情况下它真的没有验证任何东西,对吗?
*编辑:
正如 ADyson 指出的那样,我的错误是没有正确初始化 HttpClient。它应该是这样写的:
var client = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true });
您需要设置 UseDefaultCredentials = true(在您传递给 HttpClient 的 HttpClientHandler 实例中)。