Web 服务的自定义基本身份验证
我在 .net 4.0 中为 asmx 实现自定义基本身份验证时遇到一个小问题。 我已经创建了 HttpModule,它将启动运行此代码的 Web 服务使用者的身份验证过程,
HttpApplication application = (source as HttpApplication);
HttpContext context = application.Context;
if ( VirtualPathUtility.GetFileName(context.Request.FilePath).Contains("svcEWS.asmx"))
{
string username = "", password = "";
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Basic"))
{
//Authenticate here
}
}
但是每当到达此代码时,都不会出现身份验证标头。 消费 Web 应用程序只是调用,
EWS.svcEWS svcEWS = new EWS.svcEWS();
svcEWS.Credentials = new NetworkCredential("admin", "admin", "example.com");
svcEWS.HelloWorld();
IIS 设置为以匿名身份验证运行,以防止其捕获任何身份验证请求。
我是否缺少让客户端将正确的标头传递给我的模块的功能?
I'm having a small issue with implementing custom basic authentication for a asmx in .net 4.0.
I've created the HttpModule which would start the authentication process of the web service consumer runnig this code,
HttpApplication application = (source as HttpApplication);
HttpContext context = application.Context;
if ( VirtualPathUtility.GetFileName(context.Request.FilePath).Contains("svcEWS.asmx"))
{
string username = "", password = "";
string authHeader = HttpContext.Current.Request.Headers["Authorization"];
if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Basic"))
{
//Authenticate here
}
}
However there is no authentication header present whenever this code is reached.
The consuming web app is simply calling,
EWS.svcEWS svcEWS = new EWS.svcEWS();
svcEWS.Credentials = new NetworkCredential("admin", "admin", "example.com");
svcEWS.HelloWorld();
IIS is set to run with anonymous authentication to anonymous authentication to prevent it from catching any auth requests.
Is there something I'm missing to have the client pass the correct header to my module?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我忘记拒绝第一个使用 401 代码强制身份验证的请求。这样做可以解决问题,因为调用者会重新发送带有 auth 标头的请求。
I was forgetting to reject the first request with 401 code to force authentication. Doing so fixes the problem, as the invoker re sends the request with the auth header.