【发布时间】:2016-03-09 21:44:23
【问题描述】:
我正在尝试将自定义参数转发到 RESTful API 服务器并将代理响应返回到面向客户端的服务器。我不希望客户端能够访问或读取 API HTTP 请求/响应交互,因此我决定使用反向代理执行此操作。我转发请求并返回响应没有问题。问题在于身份验证。面向客户端的服务器总是希望重定向到登录页面,因为它不相信客户端已通过身份验证。我尝试过使用 HTTPS 和 HTTP,结果相似。
我研究这个问题已经有一段时间了,发现了各种各样的答案,但似乎都没有完全涵盖我的具体用例。我正在关注this example,这是最接近我特别需要的。但是,作者注释掉的凭据部分 (//request.Credentials = CredentialCache.DefaultCredentials;) 似乎并未涵盖我尝试实现的身份验证部分。请帮助我理解这个问题和解决方案。
这是我在控制器中使用的代码:
public ActionResult ProxyEndpoint(string custom_string, string another_custom_string)
{
//Bunch of code here to grab the remoteUrl from AppConfig and do stuff to the parameters and store them in queryString, unnecessary to show here.
//Here's the important bits:
remoteUrl = remoteUrl + "?" + queryString; // create my remoteUrl
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(remoteUrl);
request.Credentials = CredentialCache.DefaultCredentials;
// Also tried this to no avail:
request.Credentials = CredentialCache.DefaultNetworkCredentials;
return ProxyActionResult(request.GetResponse());
}
这是ProxyActionResult 类:
public class ProxyActionResult : ActionResult
{
WebResponse _response;
public ProxyActionResult(WebResponse response)
{
_response = response;
}
public override void ExecuteResult(ControllerContext controllerContext)
{
HttpContextBase httpContext = controllerContext.HttpContext;
WebResponse response = _response;
// Read the byte stream from the response:
Stream responseStream = response.GetResponseStream();
// Pulled this next piece from http://www.codeproject.com/Articles/7135/Simple-HTTP-Reverse-Proxy-with-ASP-NET-and-IIS
// Seemed to fit our use case.
if ((response.ContentType.ToLower().IndexOf("html") >= 0) || (response.ContentType.ToLower().IndexOf("javascript") >= 0))// || (response.ContentType.ToLower().IndexOf("image") >= 0))
{
//If the response is HTML Content, parse it like HTML:
StreamReader readStream = new StreamReader(responseStream, Encoding.Default);
String content;
content = ParseHtmlResponse(readStream.ReadToEnd(), httpContext.Request.ApplicationPath);
//Write the updated HTML to the client(and then close the response):
httpContext.Response.Write(content);
httpContext.Response.ContentType = response.ContentType;
response.Close();
httpContext.Response.End();
}
else
{
// If the response is not HTML Content, write the stream directly to the client:
var buffer = new byte[1024];
int bytes = 0;
while ((bytes = responseStream.Read(buffer, 0, 1024)) > 0)
{
httpContext.Response.OutputStream.Write(buffer, 0, bytes);
}
// from http://www.dotnetperls.com/response-binarywrite
httpContext.Response.ContentType = response.ContentType; // Set the appropriate content type of the response stream.
// and close the stream:
response.Close();
httpContext.Response.End();
}
//throw new NotImplementedException();
}
// Debating whether we need this:
public string ParseHtmlResponse(string html, string appPath)
{
html = html.Replace("\"/", "\"" + appPath + "/");
html = html.Replace("'/", "'" + appPath + "/");
html = html.Replace("=/", "=" + appPath + "/");
return html;
}
【问题讨论】:
-
如果您知道 API 需要什么/如何身份验证机制,将会有所帮助。这几乎决定了您是否真的可以做您计划做的事情(假设我理解您的问题 - 回复:谁的“代理”?)
-
API 不需要身份验证。可以通过简单的 GET 访问它
-
困惑...我的意思是您正在代理的(远程)api 以及您向其发送一些凭据
request.Credentials = CredentialCache.DefaultCredentials;的原因... -
没错,我可以对远程 API 执行一个简单的 GET 请求,它不需要任何凭据。这就是为什么我对它不断将我重定向到登录页面感到困惑的原因。然而,我实际上想通了。事实证明,运行 ArcGIS OpenLayers 的远程服务器有一个需要跨域身份验证的设置。我注释掉了 crossOrigin 身份验证,它运行良好。我在这里发布的代码没有任何问题。感谢您的帮助!
标签: c# asp.net authentication proxy openlayers