我自己托管WebApi,配置如下:
Visual Studio 2012 / .NET 4.0
public void Configuration(IAppBuilder appBuilder)
{
var config = new HttpConfiguration();
// authentication
config.MessageHandlers.Add(new Shield.PresharedKeyAuthorizer());
// routing
config.Routes.MapHttpRoute(
name: "Default",routeTemplate: "{controller}/{id}",defaults: new { id = RouteParameter.Optional }
);
appBuilder.UseWebApi(config);
}
我有一个简单的测试设置,使用以下DelegatingHandler创建一个声明并将其附加到当前线程.
public class PresharedKeyAuthorizer : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,System.Threading.CancellationToken cancellationToken)
{
var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Name,"superstar"));
var identity = new ClaimsIdentity(claims,"PresharedKey");
var principal = new ClaimsPrincipal(identity);
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
HttpContext.Current.User = principal;
return base.SendAsync(request,cancellationToken);
}
}
但是,当我打开标有Authorize属性的ApiController时,它不会识别身份验证.
[Authorize]
public class FilesController : ApiController
{
public IEnumerable<string> Get()
{
return new string[] { "Secure File A","Secure File B" };
}
}
删除Authorize属性并设置断点,我可以看到RequestContext.Principal属性确实为空.请求没有授权属性,所以我知道自主托管的设置是正确的,但我必须在认证管道中缺少一些东西.
我不知道允许该声明对Authorize属性有效吗?
使用相同方法的相关答案在IIS:https://stackoverflow.com/a/14872968/118224托管时似乎工作
解决方法
在消息处理程序中,设置这样的主体.
request.GetRequestContext().Principal = principal;
不使用
Thread.CurrentPrincipal = principal;
if (HttpContext.Current != null)
HttpContext.Current.User = principal;
UPDATE
自从我在.NET 4.0 / 2012 / Web API< 2中工作以来已经有一段时间了.所以我肯定不能回答.但是,OWIN主持人必须在OWIN上下文中设置主体. OwinHttpRequestContext在OWIN上下文中设置Thread.CurrentPrincipal和principal.通过使用request.GetRequestContext().主体,这些细节从你隐藏.为了简短的说明,我相信如果你有一些如何设定OWIN上下文中的主体,这将会奏效.不知道如何从Web API消息处理程序中做到这一点.您可以从OWIN中间件执行此操作.
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
config.Routes.MapHttpRoute("default","api/{controller}/{id}");
//config.MessageHandlers.Add(new PresharedKeyAuthorizer());
app.Use((IOwinContext context,Func<Task> next) =>
{
var claims = new List<Claim>();
claims.Add(new Claim(ClaimTypes.Name,"PresharedKey");
var principal = new ClaimsPrincipal(identity);
context.Request.User = principal;
return next.Invoke();
});
app.UseWebApi(config);
}
