0

我有具有基本 http 授权的 WebApi 项目。我需要授权用户之前,他去安全页面。当我转到安全页面“Books/get”时,我看到错误“'/' 应用程序中的服务器错误”。为什么页面有错误?在根中:

public class BasicAuthHttpModule : IHttpModule
{
    private const string Realm = "My Realm";

    public void Init(HttpApplication context)
    {
        // Register event handlers
        context.AuthenticateRequest += OnApplicationAuthenticateRequest;
        context.EndRequest += OnApplicationEndRequest;
    }

    private static void SetPrincipal(IPrincipal principal)
    {
        Thread.CurrentPrincipal = principal;
        if (HttpContext.Current != null)
        {
            HttpContext.Current.User = principal;
        }
    }

    // TODO: Here is where you would validate the username and password.
    private static bool CheckPassword(string username, string password)
    {
        return username == "user" && password == "password";
    }

    private static bool AuthenticateUser(string credentials)
    {
        bool validated = false;
        try
        {
            var encoding = Encoding.GetEncoding("iso-8859-1");
            credentials = encoding.GetString(Convert.FromBase64String(credentials));

            int separator = credentials.IndexOf(':');
            string name = credentials.Substring(0, separator);
            string password = credentials.Substring(separator + 1);

            validated = CheckPassword(name, password);
            if (validated)
            {
                var identity = new GenericIdentity(name);
                SetPrincipal(new GenericPrincipal(identity, null));
            }
        }
        catch (FormatException)
        {
            // Credentials were not formatted correctly.
            validated = false;

        }
        return validated;
    }

    private static void OnApplicationAuthenticateRequest(object sender, EventArgs e)
    {
        var request = HttpContext.Current.Request;
        var authHeader = request.Headers["Authorization"];
        if (authHeader != null)
        {
            var authHeaderVal = AuthenticationHeaderValue.Parse(authHeader);

            // RFC 2617 sec 1.2, "scheme" name is case-insensitive
            if (authHeaderVal.Scheme.Equals("basic",
                    StringComparison.OrdinalIgnoreCase) &&
                authHeaderVal.Parameter != null)
            {
                AuthenticateUser(authHeaderVal.Parameter);
            }
        }
    }

    // If the request was unauthorized, add the WWW-Authenticate header 
    // to the response.
    private static void OnApplicationEndRequest(object sender, EventArgs e)
    {
        var response = HttpContext.Current.Response;
        if (response.StatusCode == 401)
        {
            response.Headers.Add("WWW-Authenticate",
                string.Format("Basic realm=\"{0}\"", Realm));
        }
    }

    public void Dispose()
    {
    }
}

public class ItemModel
{
    public int ItemID { get; set; }
    public string ItemName { get; set; }
    public double ItemValue { get; set; }
}

网络配置的一部分:

  <system.webServer>
  <modules>
    <add name="BasicAuthHttpModule"  type="WebHostBasicAuth.Modules.BasicAuthHttpModule, BasicAuth"/>
  </modules>

和书籍控制器:

    [Authorize]
public class BooksController : ApiController
{
    [Authorize]
    public IEnumerable<ItemModel> Get()
    {
        return new List<ItemModel> 
        {
            new ItemModel() { ItemID = 1, ItemName = "Item1", ItemValue = 100 },
        };
    }
4

1 回答 1

0

我有同样的问题。尝试没有 BasicAuth 的 web.config 部分

<add name="BasicAuthHttpModule"  type="WebHostBasicAuth.Modules.BasicAuthHttpModule"/>
于 2014-05-06T10:58:31.003 回答