当前位置: 动力学知识库 > 问答 > 编程问答 >

authentication - Web API, APIController, Empty User

问题描述:

I have a standard web form app which is authenticated using IIS's Windows Authentication setting.

As I now need to expose some the data via Web API, I have added an APIController which I can successfully retrieve the required data, however, I need to restrict what is returned based on the identity of the requestor.

The problem is that the this.User.Identity is coming back empty..

[System.Security.Principal.WindowsIdentity]: {System.Security.Principal.WindowsIdentity}

AuthenticationType: ""

IsAuthenticated: false

Name: ""

I am new to Web API so not sure what I have done wrong / forgotten to do...

FYI - The authentication on the web form app is working perfectly...

网友答案:

WebSecurity was introduced in ASP.NET MVC 4. It relies on the SimpleMembershipProvider. It uses FormsAuthentication to manage cookies

WebMatrix.WebData.WebSecurity is provides security and authentication features for ASP.NET Web Pages applications, including the ability to create user accounts, log users in and out, reset or change passwords, and perform related tasks.

The WebSecurity class is used to perform security operations

You must create or initialize an WebSecurity database before you can use the WebSecurity object in your code.

In the root of your web, create a page (or edit the page ) named _AppStart.cshtml.

_AppStart.cshtml

@{
WebSecurity.InitializeDatabaseConnection("Users", "UserProfile", "UserId", "Email", true);
}

you can authenticate your request by following code.

WebSecurity.Login(LoginName, Password, true)

once authenticated successed , you will get value of WebSecurity.IsAuthenticated is true and you will get user's identity

网友答案:

Read this articles. it will give more information about WebSecurity and how to use it

http://www.codeguru.com/csharp/.net/net_asp/mvc/using-simplemembership-in-asp.net-mvc-4.htm

http://www.mono-software.com/blog/post/Mono/226/Adding-ASP-NET-SimpleMembership-to-an-existing-MVC-4-application/
网友答案:

Having "anonymous authentication" enabled..along side of "windows authentication" will create this "empty windowsIdentity" problem.

Longer discussion (and my problem and answer) here:

HttpClient calling a Windows-Authenication ApiController Method...but no WindowsIdentity coming along for the ride

Also see:

How to get Windows user name when identity impersonate="true" in asp.net?

分享给朋友:
您可能感兴趣的文章:
随机阅读: