【发布时间】:2014-10-23 20:24:24
【问题描述】:
我正在尝试使用 Thinktecture.IdentityModel 中的 ResourceAuthorize 属性,但由于没有 owin 上下文,一切都停止了。
我有一个设置授权管理器的 owin 启动类
[assembly: OwinStartup(typeof(My.WebApi.Startup))]
namespace My.WebApi
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
AuthConfig.Configure(app);
}
}
}
public class AuthConfig
{
public static void Configure(IAppBuilder app)
{
app.UseResourceAuthorization(new ResourceAuthorizationMiddlewareOptions
{
Manager = GlobalConfiguration.Configuration.DependencyResolver.GetService(typeof(IResourceAuthorizationManager)) as IResourceAuthorizationManager
});
}
}
我知道它已被检测到并被调用。但后来,当从IdentityModel 访问以下代码时,我得到一个空指针异常:
public static Task<bool> CheckAccessAsync(this HttpRequestMessage request, IEnumerable<Claim> actions, IEnumerable<Claim> resources)
{
var authorizationContext = new ResourceAuthorizationContext(
request.GetOwinContext().Authentication.User ?? Principal.Anonymous,
actions,
resources);
return request.CheckAccessAsync(authorizationContext);
}
我已经通过并看到它是由 GetOwinContext() 返回 null 引起的,因为请求中没有 MS_OwinContext 或 MS_OwinEnvironment 属性。
我错过了什么?
更新:
我发现我有一个可用的owin.environment 属性,但它是`HttpContextWrapper 的一部分,而不是请求。
通过四处搜索,我在System.Web.Http.WebHost.HttpControllerHandler 中发现了一些代码,看起来它应该将owin.environment 转换为MS_OwinEnvironment,但显然,在我的情况下,该代码从未被调用...
internal static readonly string OwinEnvironmentHttpContextKey = "owin.Environment";
internal static readonly string OwinEnvironmentKey = "MS_OwinEnvironment";
internal static HttpRequestMessage ConvertRequest(HttpContextBase httpContextBase, IHostBufferPolicySelector policySelector)
{
HttpRequestBase requestBase = httpContextBase.Request;
HttpRequestMessage httpRequestMessage = new HttpRequestMessage(HttpMethodHelper.GetHttpMethod(requestBase.HttpMethod), requestBase.Url);
bool bufferInput = policySelector == null || policySelector.UseBufferedInputStream((object) httpContextBase);
httpRequestMessage.Content = HttpControllerHandler.GetStreamContent(requestBase, bufferInput);
foreach (string str in (NameObjectCollectionBase) requestBase.Headers)
{
string[] values = requestBase.Headers.GetValues(str);
HttpControllerHandler.AddHeaderToHttpRequestMessage(httpRequestMessage, str, values);
}
HttpRequestMessageExtensions.SetHttpContext(httpRequestMessage, httpContextBase);
HttpRequestContext httpRequestContext = (HttpRequestContext) new WebHostHttpRequestContext(httpContextBase, requestBase, httpRequestMessage);
System.Net.Http.HttpRequestMessageExtensions.SetRequestContext(httpRequestMessage, httpRequestContext);
IDictionary items = httpContextBase.Items;
if (items != null && items.Contains((object) HttpControllerHandler.OwinEnvironmentHttpContextKey))
httpRequestMessage.Properties.Add(HttpControllerHandler.OwinEnvironmentKey, items[(object) HttpControllerHandler.OwinEnvironmentHttpContextKey]);
httpRequestMessage.Properties.Add(HttpPropertyKeys.RetrieveClientCertificateDelegateKey, (object) HttpControllerHandler._retrieveClientCertificate);
httpRequestMessage.Properties.Add(HttpPropertyKeys.IsLocalKey, (object) new Lazy<bool>((Func<bool>) (() => requestBase.IsLocal)));
httpRequestMessage.Properties.Add(HttpPropertyKeys.IncludeErrorDetailKey, (object) new Lazy<bool>((Func<bool>) (() => !httpContextBase.IsCustomErrorEnabled)));
return httpRequestMessage;
}
更新 2:
在 mvc 控制器内部,上下文是可用的。但不在 webapi 控制器中。
【问题讨论】:
-
您可以安全地删除 global.asax 文件,这样您的应用程序中就只有一个入口点。我不确定这是否能解决问题,但它肯定会让事情变得更清洁......
-
VS 自带的 web 应用模板创建 global.asax 和启动类。有人说“保留”是可以的,因为它可以很容易地将事件挂钩... ...我不确定它是否会帮助我删除它,但会尝试。
标签: asp.net owin thinktecture-ident-model