gpt4 book ai didi

c# - 外部身份验证失败时返回哪个 HTTP 状态?

转载 作者:行者123 更新时间:2023-12-05 06:42:28 25 4
gpt4 key购买 nike

在我的 ASP.NET MVC Web 应用程序中,我有一个外部单点登录,用于对企业中的用户进行集中身份验证。 SSO 应该返回一个唯一标识用户的内容“数据包”,然后将其用于传递给本地 ASP.NET Owin Cookie 身份验证(或者表单例份验证,或类似的东西)。如果出于某种原因,SSO 提供的“数据包”不包含所需的最低信息,我想在本地 ASP.NET 级别适本地处理它。这是一个非常严重的错误,不一定会经常发生。所以我想我会做这样的事情:

public class AuthController() : Controller
{
public ActionResult Login(string returnUrl)
{
// Process external single-sign-on authentication
bool isSuccess = ProcessExternalAuth();
if (!success)
// return appropriate HTTP status code
else
// continue with login
}
}

但我不确定要返回哪个 HTTP 状态代码。这样的事情合适吗?

return new HttpStatusCodeResult(
HttpStatusCode.BadGateway, "SSO authentication failed.");

根据 List of HTTP Status Codes , 500 个错误之一可能是最合适的:

Response status codes beginning with the digit "5" indicate cases in which the server is aware that it has encountered an error or is otherwise incapable of performing the request...

最佳答案

错误代码 401 和错误代码 403 通常用于身份验证相关错误。然而,它们有一些与之配套的标准,这些标准指定了何时以及如何使用它们。在您的例子中,这些都不适合。例如,403 被描述为 ( http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html ):

403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

一个好的替代方法是返回代码 503(服务不可用)。

503 Service Unavailable

The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay.

关于c# - 外部身份验证失败时返回哪个 HTTP 状态?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36989705/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com