授权 – ASP.NET Web API基本身份验证授权标头

前端之家收集整理的这篇文章主要介绍了授权 – ASP.NET Web API基本身份验证授权标头前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个BasicAuthenticationAttribute检查请求中的Authorization标头但是尽管它存在,它仍然认为Authorization标头为null:
public class BasicAuthenticationAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        if (actionContext.Request.Headers.Authorization == null)
        {
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
        }

        ...

如果我检查actionContext.Request.Headers,我可以看到列出的授权:

{Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip,deflate
Accept-Language: en-gb
Authorization: REDACTED_BUT_PRESENT==
Host: localhost:44300
Referer: https://localhost:44300/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
}

更新

我刚刚检查了完整的请求标头,它们看起来像这样……我可以在第一部分看到Authorization标头,但第二部分中的Authorization标头显然为null.

request.Headers

{Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip,deflate
Accept-Language: en-gb
Authorization: REDACTED_BUT_PRESENT==
Host: localhost:1734
Referer: http://localhost:1734/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
}
    base {System.Net.Http.Headers.HttpHeaders}: {Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip,deflate
Accept-Language: en-gb
Authorization: VXNlcjpQYXNzd29yZA==
Host: localhost:1734
Referer: http://localhost:1734/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)
}
    Accept: {*/*}
    AcceptCharset: {}
    AcceptEncoding: {gzip,deflate}
    AcceptLanguage: {en-gb}
    Authorization: null
    CacheControl: null
    ... removed for brevity ...
    Warning: {}

解决方法

如果您对此感到困惑,可以使用以下命令获取标题
var header = request.Headers.FirstOrDefault(h => h.Key.Equals("Authorization"));

但不是通过

var header = request.Headers.Authorization;

猜你在找的asp.Net相关文章