c# – Do I have to check the response status in ApplyResponseChallengeAsync?

I have written a fairly basic AuthenticationHandler<T>-derived class to perform custom authentication for my REST service.

I had assumed (yes, I know, bad idea) that ApplyResponseChallengeAsync would only be called when I actually need to apply my challenge, e.g. it is described as:

Override this method to dela(sic) with 401 challenge concerns,if an authentication scheme in question deals an authentication interaction as part of it’s request flow. (like adding a response header,or changing the 401 result to 302 of a login page or external sign-in location.)

That sounds as if it is only called when a 401 is issued. However, in some limited testing we saw exceptions like the following:

  System.Web.HttpException (0x80004005): Server cannot append header after HTTP headers have been sent.
     at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
     at Microsoft.Owin.Host.SystemWeb.CallHeaders.AspNetResponseHeaders.Set(String key, String[] values)
     at Microsoft.Owin.Infrastructure.OwinHelpers.AppendHeader(IDictionary`2 headers, String key, String values)
     at OurAuthHandler.ApplyResponseChallengeAsync()
     at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<ApplyResponseCoreAsync>d__8.MoveNext()
  --- End of stack trace from previous location where exception was thrown ---
     at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
     at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
     at Microsoft.Owin.Security.Infrastructure.AuthenticationHandler.<TeardownAsync>d__5.MoveNext()
  --- And so on

So, wanting to investigate this, I changed the code in the method slightly so that I could use the debugger to inspect the situation in which this exception occurs:

  protected override Task ApplyResponseChallengeAsync()
  {
      try
      {
          // Advertise one "Bearer realm" per allowed audience URI.
          foreach (var uri in Options.IdentityConfiguration.AudienceRestriction.AllowedAudienceUris)
          {
              Response.Headers.Append("WWW-Authenticate", "Bearer realm=\"" + uri + "\"");
          }
          return base.ApplyResponseChallengeAsync();
      }
      catch
      {
          throw; // Set a breakpoint here
      }
  }

And, lo and behold, when my breakpoint was hit, I saw that the response status code was 200 / OK.

Question

So the question is: was I supposed to check the status code myself, is there some flag I have to pass/set somewhere so that this method is only called for 401s, or am I missing something else?

Solution

Yes, you have to check the status code yourself. The documentation is misleading.

Notice how every existing AuthenticationHandler in Katana checks the status code:

  public class OpenIdConnectAuthenticationHandler : AuthenticationHandler<OpenIdConnectAuthenticationOptions>
  {
      ...
      protected override async Task ApplyResponseChallengeAsync()
      {
          if (Response.StatusCode == 401)
          {
              ....
          }
      }
      ...
  }

  internal class TwitterAuthenticationHandler : AuthenticationHandler<TwitterAuthenticationOptions>
  {
      ...
      [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "MemoryStream.Dispose is idempotent")]
      protected override async Task ApplyResponseChallengeAsync()
      {
          if (Response.StatusCode != 401)
          {
              return;
          }
      }
      ...
  }

  public class WsFederationAuthenticationHandler : AuthenticationHandler<WsFederationAuthenticationOptions>
  {
      ...
      protected override async Task ApplyResponseChallengeAsync()
      {
          if (Response.StatusCode == 401)
          {
              ...
          }
      }
      ...
  }

I also checked the source code of the Katana project: there is no way to change this behaviour via a flag or anything else.
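Putting the answer together, here is an added example (not code from the question, the answer, or Katana itself) of a custom handler that issues the asker's "Bearer realm" challenge only on a 401. The option and handler type names are hypothetical; it assumes the Katana base-class members AuthenticationHandler<TOptions>, Helper.LookupChallenge, Options.AuthenticationMode and Response.Headers.Append behave as in Microsoft.Owin.Security 3.x.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Infrastructure;

// Hypothetical options type: one "Bearer realm" is advertised per allowed audience URI.
public class BearerRealmAuthenticationOptions : AuthenticationOptions
{
    public BearerRealmAuthenticationOptions() : base("BearerRealm") { }
    public IList<string> AllowedAudienceUris { get; } = new List<string>();
}

public class BearerRealmAuthenticationHandler : AuthenticationHandler<BearerRealmAuthenticationOptions>
{
    // Credential validation is out of scope here; null means "no ticket from this scheme".
    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {
        return Task.FromResult<AuthenticationTicket>(null);
    }

    protected override Task ApplyResponseChallengeAsync()
    {
        // Katana invokes this from TeardownAsync on every request, not only on 401s
        // (see the stack trace in the question). On a 200 the headers may already be
        // on the wire, and appending one then throws "Server cannot append header
        // after HTTP headers have been sent". So gate on the status code first.
        if (Response.StatusCode != 401)
        {
            return Task.FromResult<object>(null);
        }

        // Only challenge when this scheme is responsible: either it runs in Active
        // mode, or a challenge naming this AuthenticationType was requested.
        AuthenticationResponseChallenge challenge =
            Helper.LookupChallenge(Options.AuthenticationType, Options.AuthenticationMode);
        if (challenge == null)
        {
            return Task.FromResult<object>(null);
        }

        foreach (var uri in Options.AllowedAudienceUris)
        {
            Response.Headers.Append("WWW-Authenticate", "Bearer realm=\"" + uri + "\"");
        }
        return Task.FromResult<object>(null);
    }
}
```

The status-code check is the only gate Katana gives you; the LookupChallenge check additionally keeps this handler from answering 401s that belong to another scheme in Passive mode.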
