防止 FormsAuthentication 覆盖 WCF REST 中的响应状态
我正在将 WCF REST 与 FormsAuthentication 结合使用。此身份验证模式使用重定向到“登录 URL”的 HTTP 302 Found 覆盖 HTTP 401 Unauthorized 响应状态,就像在 Web 应用程序中一样。
当然,这在 WCF REST 应用程序中没有意义,我想确保 401 状态到达请求者。
我尝试这样做:
var response = WebOperationContext.Current.OutgoingResponse;
response.StatusCode = HttpStatusCode.Unauthorized;
HttpContext.Current.Response.SuppressContent = true;
HttpContext.Current.Response.StatusCode = 401;
HttpContext.Current.Response.End();
但是当执行该行时,我在客户端调用中收到异常:
System.Net.WebException occurred
Message=The underlying connection was closed: An unexpected error occurred on a receive.
Source=System
StackTrace:
at System.Net.HttpWebRequest.GetResponse()
at RestPrototype.Web.Infrastructure.Http.ByPassGet(HttpContextBase httpContext, Uri url) in D:\TFS Source\PROTOTYPE\RestPrototype.Web\Infrastructure\Http.cs:line 165
InnerException: System.IO.IOException
Message=Unable to read data from the transport connection: The connection was closed.
Source=System
StackTrace:
at System.Net.ConnectStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.HttpWebRequest.MakeMemoryStream(Stream stream)
InnerException:
在 Fiddler 上,我可以看到 401 已发送:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Transfer-Encoding: chunked
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 15:22:41 GMT
Transfer-Encoding: chunked 和其他端关闭连接而不发送正文,导致客户端出现异常。不幸的是,我不知道如何避免该标头并放置 Content-Length: 0,因为 ASP.NET 会覆盖它。
我想以 WCF 风格解决这个问题,如果可能的话不使用自定义 HttpModule。如果有人知道防止 ASP.NET 覆盖我的标头的方法,我们将非常欢迎。
问候。
I am using WCF REST with FormsAuthentication. This authentication mode, overrides the HTTP 401 Unauthorized response status with a HTTP 302 Found that redirects to the "login Url" like in a web application.
Of course that doesn't make sense in a WCF REST Application, and I would like to ensure that the 401 status arrives to the requester.
I have tried doing this:
var response = WebOperationContext.Current.OutgoingResponse;
response.StatusCode = HttpStatusCode.Unauthorized;
HttpContext.Current.Response.SuppressContent = true;
HttpContext.Current.Response.StatusCode = 401;
HttpContext.Current.Response.End();
But when that lines are executed, I get an exeption in my client side call:
System.Net.WebException occurred
Message=The underlying connection was closed: An unexpected error occurred on a receive.
Source=System
StackTrace:
at System.Net.HttpWebRequest.GetResponse()
at RestPrototype.Web.Infrastructure.Http.ByPassGet(HttpContextBase httpContext, Uri url) in D:\TFS Source\PROTOTYPE\RestPrototype.Web\Infrastructure\Http.cs:line 165
InnerException: System.IO.IOException
Message=Unable to read data from the transport connection: The connection was closed.
Source=System
StackTrace:
at System.Net.ConnectStream.Read(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.HttpWebRequest.MakeMemoryStream(Stream stream)
InnerException:
On Fiddler I can see that the 401 is sent:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Transfer-Encoding: chunked
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 03 Oct 2011 15:22:41 GMT
That Transfer-Encoding: chunked and the other side closing the connection without sending the body, is causing that exception in the client side. Unfortunately I don't know how to avoid that header and put a Content-Length: 0, since ASP.NET overrides it.
I would like to solve this in a WCF style, without use a custom HttpModule if possible. And if somebody know a way to prevent ASP.NET from overriding my headers will be very welcomed.
Regards.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您必须通过 web.config 指示当前用户不需要访问特定的路由/url。使用“位置”标签:
You have to indicate via your web.config that no current user is needed to access a particular route/url. Use the "location" tag: