1. 首頁
  2. 問答
  3. 對.NET核心REST風格的Web API的未經授權的GET請求

對.NET核心REST風格的Web API的未經授權的GET請求

2016-09-29 24 views
-1

昨天,我用一種方法在.NET Core(解決方案名爲Vault)中編寫了一個簡單的REST風格Web API,該方法僅根據Windows用戶名獲取用戶的配置文件。現在我有了第二個解決方案,它會向我之前提到的自託管服務請求一些請求。當我使用Postman時,當我在Vault中的唯一方法上調用GET時,可以輕鬆地檢索數據,但是當我在Mainframe中構建URI並執行時,會收到Unauthorized錯誤,並且使我感到困惑,因爲Vault不需要特定像用戶名和密碼登錄。我還在Vault中放置了一個斷點,與使用Postman時不同,它在通過Mainframe解決方案調用時沒有達到我的代碼。對.NET核心REST風格的Web API的未經授權的GET請求

這哪裏是建立自己的REST請求,並調用服務(GetProfile()

public VaultApiClient(ConfigurationManagerWrap configuration) 
{ 
    this.configuration = configuration; 

    this.client = new RestClient(new Uri(this.configuration.GetAppSetting<string>(ConfigurationKeys.VaultApiURL))); 
} 

/// <summary> 
/// The get profile. 
/// </summary> 
/// <returns> 
/// The <see cref="UserProfile"/>. 
/// </returns> 
public UserProfile GetProfile() 
{ 
    var request = new RestRequest("profile") { Method = Method.GET}; 
    //request.AddParameter("profile", ParameterType.UrlSegment); 

    var response = this.client.Execute(request); 

    if (response.StatusCode != HttpStatusCode.OK) 
    { 
     throw new Exception(
      $"Could not get the user profile ({response.StatusCode} {response.StatusDescription})"); 
    } 

    return RestJsonSerializer.Default.Deserialize<UserProfile>(response); 
}

林主持本地的,因此基本URI,又名ConfigurationKeys.VaultApiURL,是localhost5000/API/

我的主機控制器:

public HomeController() 
    : this(new VaultApiClient(new ConfigurationManagerWrap())) 
{ 
} 

/// <summary> 
/// Initializes a new instance of the <see cref="HomeController"/> class. 
/// </summary> 
/// <param name="vaultApiClient"> 
/// The vault api client. 
/// </param> 
public HomeController(IVaultApiClient vaultApiClient) 
{ 
    this.vaultApiClient = vaultApiClient; 
} 

/// <summary> 
/// The index. 
/// </summary> 
/// <returns> 
/// The <see cref="ActionResult"/>. 
/// </returns> 
public ActionResult Index() 
{ 
    var profile = this.GetProfile(); 

    this.ViewBag.IsEdit = false; 
    this.ViewBag.IsError = false; 
    this.ViewBag.ErrorMessage = ""; 

    if (this.TempData.ContainsKey("IsEdit")) 
    { 
     this.ViewBag.IsEdit = true; 
     this.TempData.Remove("IsEdit"); 

     if (this.TempData.ContainsKey("ErrorMessage")) 
     { 
      this.ViewBag.IsError = true; 
      this.ViewBag.ErrorMessage = this.TempData["ErrorMessage"]; 
      this.TempData.Remove("ErrorMessage"); 
     } 
    } 

    return this.View("Index", profile); 
} 

private UserProfile GetProfile() 
{ 
    return this.vaultApiClient.GetProfile(); 
}

這裏是處理問題的GET請求庫控制器方法:

[HttpGet] 
[Route("/api/Profile")] 
[Produces(typeof(UserProfile))] 
public IActionResult SearchProfile() 
{ 
    try 
    { 
     if (!this.currentuser.IsAuthenticated) 
     { 
      throw new Exception("This service does not support anonymous calls."); 
     } 

     var profile = Task.Run(() => this.personalizationService.GetUserProfileAsync(this.currentuser.GetCurrentWindowsIdentityName)).Result; 

     var userProfile = this.persistenceToDataModelConverter.Convert(profile); 
     userProfile.UserAdLogin = this.currentuser.GetCurrentWindowsIdentityName; 

     return this.Ok(userProfile); 
    } 
    catch (Exception ex) 
    { 
     return this.NotFound(ex); 
    } 
}

最後,這裏有一些照片之前,當錯誤被拋出。 What the client holds

What the request holds

The error

來源

2016-09-29 Picnic8

+1

看起來你必須提供客戶端請求的憑證 – hellowstone

+0

@hellowstone向客戶端請求添加憑證可以解決問題。如果你想發佈你的答案,我會標記爲解決:)謝謝 – Picnic8

+0

不客氣.... – hellowstone

回答

1

憑證信息必須以與服務器進行驗證被提供有客戶端請求。

來源

2016-09-29 14:36:10 hellowstone

相關問題

 相關問題