gpt4 book ai didi

c# - 此请求的授权已被拒绝。总是

转载 作者:太空狗 更新时间:2023-10-29 18:13:09 27 4
gpt4 key购买 nike

我已经创建了一个 MVC webApi 项目,现在我想使用身份验证和授权。我想我已经实现了这种安全措施,但由于某种原因,有些事情变糟了,当我编写我的凭据并尝试调用一些 webApi 方法时,显示消息“此请求的授权已被拒绝”。

这是我实现的代码。

WebApi配置:

public static void Register(HttpConfiguration config)
{
// Web API configuration and services

// Web API routes
config.MapHttpAttributeRoutes();

config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);

config.Filters.Add(new AuthorizeAttribute());
}

路由配置:

public static void RegisterRoutes(RouteCollection routes)
{
routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

routes.MapRoute(
name: "Default",
url: "{controller}/{action}/{id}",
defaults: new { controller = "Routing", action = "LogIn", id = UrlParameter.Optional }
);
}

Controller :

public class RoutingController : Controller
{
//
// GET: /Routing/
public ActionResult Index()
{
return View();
}

public ActionResult Projects()
{
return View();
}

public ActionResult Users()
{
return View();
}

public ActionResult LogIn()
{
return View();
}

[HttpPost]
public JsonResult LogInPost(string userName, string password)
{
User user = new User();
RoleByUser rByU = new RoleByUser();
password = UserController.EncriptPassword(password);
string url = string.Empty;
var checkUser = user.Get(userName);
var userExists = (from userInList in checkUser where userInList.UserName == userName && userInList.Password == password select userInList).FirstOrDefault();
if(userExists!= null)
{
var roles = (from roleByUser in userExists.listOfRole select roleByUser.RoleName.Trim()).ToArray();
IPrincipal principal = new GenericPrincipal(
new GenericIdentity(userExists.UserName), roles);
SetPrincipal(principal);
url = "Routing/Users";
}
return Json(url);
}

private void SetPrincipal(IPrincipal principal)
{
Thread.CurrentPrincipal = principal;
if (System.Web.HttpContext.Current != null)
{
System.Web.HttpContext.Current.User = principal;
}
}

}

HTML:

<link href="~/css/Style.css" rel="stylesheet" type="text/css" />

<div class="container">
<div class="card card-container">
<img id="STK" class="profile-img-card" src="Images/Softtek.png" />
<p id="profile-name" class="profile-name-card"></p>
<form class="form-signin">
<span id="reauth-email" class="reauth-email"></span>
<input type="text" id="txtUserName" class="form-control" placeholder="Email address" required autofocus />
<input type="password" id="txtPassword" class="form-control" placeholder="Password" required />
<div id="remember" class="checkbox">
<label>
<input type="checkbox" value="remember-me" /> Remember me
</label>
</div>
@*<button id="btnLogIn" class="btn btn-lg btn-primary btn-block btn-signin" >Sing In</button>*@
</form><!-- /form -->
<button id="btnLogIn" class="btn btn-lg btn-primary">Sing In</button>
<a href="#" class="forgot-password">
Forgot the password?
</a>
</div><!-- /card-container -->
</div><!-- /container -->

JS:

$(document).ready(function () { $('#btnLogIn').click(logIn); });

function logIn() {
$.ajax({
type: "POST",
url: "http://localhost:21294/Routing/LogInPost",
dataType: "json",
data: { userName: $('#txtUserName').val(), password: $('#txtPassword').val() },
success: function (data) {
if(data!= "" && data!= undefined && data!= null)
window.location.href = data;
},
error: function (err, e, error) {
toastr.error('Error')
}
});

最佳答案

您应该将 [AllowAnonymous] 属性添加到 Controller 的 LogInPost

当您将 AuthorizeAttribute 添加到您的过滤器时,它会导致您的 Controller 假定默认情况下他们需要对所有操作进行授权,包括用于登录的操作。

关于c# - 此请求的授权已被拒绝。总是,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33003503/

27 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com