MVC Web Api 身份验证失败
MVC Web Api Authentication Fail
我有两个 MVC 应用程序,MVC web 和 MVC web api。 MVC 应用程序在“http://localhost:8241/" and MVC web api is running under "http://localhost:8243/”下 运行。我在 MVC 应用程序中设置了 cookie 身份验证。这是 startup.cs
中的代码
app.UseCookieAuthentication(options =>
{
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = true;
options.AuthenticationScheme = "CookieAuthHRMS";
options.CookieName = "access_token";
options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
options.SlidingExpiration = true;
options.LoginPath = new Microsoft.AspNet.Http.PathString("/Account/Login");
options.LogoutPath = new Microsoft.AspNet.Http.PathString("/Account/Logout");
options.AccessDeniedPath = new Microsoft.AspNet.Http.PathString("/Account/AccessDenied");
});
它工作正常。我可以使用 chrome 开发者工具查看 access_token cookie。所以我想在我的web api项目下添加认证。所以我在 web api 项目的 Startup.cs 下做了完全相同的代码。创建名为 conjunctioncontroller 的控制器来验证网络 api。这是代码:
[HttpPost("ConjunctionLI/{username}/{password}")]
public async Task<bool> ConjunctionLI(string username, string password)
{
UsersEntity usrEty = await _usr.findsUsers(username, password);
if (usrEty != null)
{
List<Claim> userClaims = new List<Claim>
{
new Claim("userId",usrEty.UserId.ToString()),
new Claim("EmployeeId",usrEty.EmployeeID),
new Claim(ClaimTypes.Name, usrEty.UserName),
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(userClaims, "local"));
await HttpContext.Authentication.SignInAsync("CookieAuthHRMS", principal);
}
return true;
}
在Mvc Web Application中,我在成功登录后调用了conjunction controller。这里是Account controller的Login Action中的代码。
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login(LoginViewModel lgvm)
{
if (ModelState.IsValid)
{
var user = await _userManager.FindAsync(lgvm.UserName, lgvm.Password);
string result;
if(user!= null)
{
//call api service
using (var client = new HttpClient())
{
string apiSec = @"http://localhost:8243/api/Conjunction/ConjunctionLI/" + lgvm.UserName + "//" + lgvm.Password;
HttpResponseMessage response = await client.PostAsync(apiSec, null);
response.EnsureSuccessStatusCode();
result = await response.Content.ReadAsStringAsync();
}
await SignInAsync(user, lgvm.RememberMe);
return RedirectToAction("Index", "Home");
}
}
return RedirectToAction("AccessDenied","Account");
}
我将 [Authorize] 标签放入其中一个网络 api 控制器中,但仍然失败。尽管我使用了“await HttpContext.Authentication.SignInAsync("CookieAuthHRMS", principal);”像 MVC web 应用程序一样,身份验证仍然失败。
有什么正确的方法吗?如何验证 Web api 项目?
最好的Rgds,
青蛙
通过在Startup.cs中添加DataProtection中间件实现。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(Configure);
services.AddMvc();
services.AddDataProtection();
services.ConfigureDataProtection(configure => {
configure.SetApplicationName("HRMS");
configure.PersistKeysToFileSystem(new DirectoryInfo(@"C:\shared-auth-ticket-keys\"));
});
}
我有两个 MVC 应用程序,MVC web 和 MVC web api。 MVC 应用程序在“http://localhost:8241/" and MVC web api is running under "http://localhost:8243/”下 运行。我在 MVC 应用程序中设置了 cookie 身份验证。这是 startup.cs
中的代码 app.UseCookieAuthentication(options =>
{
options.AutomaticAuthenticate = true;
options.AutomaticChallenge = true;
options.AuthenticationScheme = "CookieAuthHRMS";
options.CookieName = "access_token";
options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
options.SlidingExpiration = true;
options.LoginPath = new Microsoft.AspNet.Http.PathString("/Account/Login");
options.LogoutPath = new Microsoft.AspNet.Http.PathString("/Account/Logout");
options.AccessDeniedPath = new Microsoft.AspNet.Http.PathString("/Account/AccessDenied");
});
它工作正常。我可以使用 chrome 开发者工具查看 access_token cookie。所以我想在我的web api项目下添加认证。所以我在 web api 项目的 Startup.cs 下做了完全相同的代码。创建名为 conjunctioncontroller 的控制器来验证网络 api。这是代码:
[HttpPost("ConjunctionLI/{username}/{password}")]
public async Task<bool> ConjunctionLI(string username, string password)
{
UsersEntity usrEty = await _usr.findsUsers(username, password);
if (usrEty != null)
{
List<Claim> userClaims = new List<Claim>
{
new Claim("userId",usrEty.UserId.ToString()),
new Claim("EmployeeId",usrEty.EmployeeID),
new Claim(ClaimTypes.Name, usrEty.UserName),
};
ClaimsPrincipal principal = new ClaimsPrincipal(new ClaimsIdentity(userClaims, "local"));
await HttpContext.Authentication.SignInAsync("CookieAuthHRMS", principal);
}
return true;
}
在Mvc Web Application中,我在成功登录后调用了conjunction controller。这里是Account controller的Login Action中的代码。
[HttpPost]
[AllowAnonymous]
public async Task<IActionResult> Login(LoginViewModel lgvm)
{
if (ModelState.IsValid)
{
var user = await _userManager.FindAsync(lgvm.UserName, lgvm.Password);
string result;
if(user!= null)
{
//call api service
using (var client = new HttpClient())
{
string apiSec = @"http://localhost:8243/api/Conjunction/ConjunctionLI/" + lgvm.UserName + "//" + lgvm.Password;
HttpResponseMessage response = await client.PostAsync(apiSec, null);
response.EnsureSuccessStatusCode();
result = await response.Content.ReadAsStringAsync();
}
await SignInAsync(user, lgvm.RememberMe);
return RedirectToAction("Index", "Home");
}
}
return RedirectToAction("AccessDenied","Account");
}
我将 [Authorize] 标签放入其中一个网络 api 控制器中,但仍然失败。尽管我使用了“await HttpContext.Authentication.SignInAsync("CookieAuthHRMS", principal);”像 MVC web 应用程序一样,身份验证仍然失败。
有什么正确的方法吗?如何验证 Web api 项目?
最好的Rgds, 青蛙
通过在Startup.cs中添加DataProtection中间件实现。
public void ConfigureServices(IServiceCollection services)
{
services.AddCors(Configure);
services.AddMvc();
services.AddDataProtection();
services.ConfigureDataProtection(configure => {
configure.SetApplicationName("HRMS");
configure.PersistKeysToFileSystem(new DirectoryInfo(@"C:\shared-auth-ticket-keys\"));
});
}