Azure API管理案例 - 评估不如预期的表达
当我期望 true 我期望false> false
我在这里看到的内容 时格式化的消息能够比较
403: invalid client certificate
`A5958B8D39A945764110E210A19952FA5C9CAC9A` !=
`A5958B8D39A945764110E210A19952FA5C9CAC9A`
负责此验证的2个指标的策略部分,如下所示:
<inbound>
<base />
<set-variable name="clientCert" value="{{Client-Thumbprint}}" />
<set-variable name="testCert" value="{{Test-Thumbprint}}" />
<choose>
<when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify())">
<return-response>
<set-status code="403" reason="certificate is missing or not valid" />
</return-response>
</when>
<when condition='@(
(string)context.Request.Certificate.Thumbprint.ToUpper() != ((string)context.Variables["clientCert"]).ToUpper() &&
(string)context.Request.Certificate.Thumbprint.ToUpper() != ((string)context.Variables["testCert"]).ToUpper()
)'>
<return-response>
<set-status code="403" reason='@( string.Format("invalid client certificate `{0}` != `{1}`",
(string)context.Request.Certificate.Thumbprint.ToUpper(),
((string)context.Variables["clientCert"]).ToUpper()
)' />
</return-response>
</when>
</choose>
...
</inbound>
我敢肯定,请求的拇指打印等于clientcert变量。
我不是在问如何恢复此代码。
我的问题:当第二表达式时,第二的问题是怎么回事 - 为什么在应为false时将其评估为true?
can't understand the reason why expression for the second when is evaluated to true when i'm expecting false
here what I see in response (formatted message to be able to compare 2 thumbprints)
403: invalid client certificate
`A5958B8D39A945764110E210A19952FA5C9CAC9A` !=
`A5958B8D39A945764110E210A19952FA5C9CAC9A`
policy part that is responsible for this validation looks like this:
<inbound>
<base />
<set-variable name="clientCert" value="{{Client-Thumbprint}}" />
<set-variable name="testCert" value="{{Test-Thumbprint}}" />
<choose>
<when condition="@(context.Request.Certificate == null || !context.Request.Certificate.Verify())">
<return-response>
<set-status code="403" reason="certificate is missing or not valid" />
</return-response>
</when>
<when condition='@(
(string)context.Request.Certificate.Thumbprint.ToUpper() != ((string)context.Variables["clientCert"]).ToUpper() &&
(string)context.Request.Certificate.Thumbprint.ToUpper() != ((string)context.Variables["testCert"]).ToUpper()
)'>
<return-response>
<set-status code="403" reason='@( string.Format("invalid client certificate `{0}` != `{1}`",
(string)context.Request.Certificate.Thumbprint.ToUpper(),
((string)context.Variables["clientCert"]).ToUpper()
)' />
</return-response>
</when>
</choose>
...
</inbound>
i'm sure that thumbprint in request equal to value of clientCert variable.
i'm not asking how to rework this code.
my question: what's wrong with second when expression - why it's evaluated to true when it should be false?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您可以遵循的解决方法之一,以达到上述要求;
您制定的策略似乎是正确的,因为第二个值必须为
false,我们需要使用否则和之前/code>。基于 Microsoft文档 : -
有关更多信息,请参阅此 blog | Azure:API管理中的策略 。
One of the workaround you can follow to achieve the above requirement ;
The policy which you have made seems like correct , as the second value must be
false,To do that we need to useotherwiseand beforewhen.Based on the MICROSOFT DOCUMENTATION:-
For more information Please refer this Blog|Azure: Policies in API Management .