最後回答: 您應該嘗試根據框架編寫代碼。來自示例的中間件不適用於ASP.NET Core MVC。這裏是我的例子:
public class BasicAuthenticationHandler : AuthenticationHandler<BasicAuthenticationOptions>
{
protected override Task<AuthenticateResult> HandleAuthenticateAsync()
{
var authHeader = (string)this.Request.Headers["Authorization"];
if (!string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("basic", StringComparison.OrdinalIgnoreCase))
{
//Extract credentials
string encodedUsernamePassword = authHeader.Substring("Basic ".Length).Trim();
Encoding encoding = Encoding.GetEncoding("iso-8859-1");
string usernamePassword = encoding.GetString(Convert.FromBase64String(encodedUsernamePassword));
int seperatorIndex = usernamePassword.IndexOf(':');
var username = usernamePassword.Substring(0, seperatorIndex);
var password = usernamePassword.Substring(seperatorIndex + 1);
if (username == "test" && password == "test")
{
var user = new GenericPrincipal(new GenericIdentity("User"), null);
var ticket = new AuthenticationTicket(user, new AuthenticationProperties(), Options.AuthenticationScheme);
return Task.FromResult(AuthenticateResult.Success(ticket));
}
}
return Task.FromResult(AuthenticateResult.Fail("No valid user."));
}
}
public class BasicAuthenticationMiddleware : AuthenticationMiddleware<BasicAuthenticationOptions>
{
public BasicAuthenticationMiddleware(
RequestDelegate next,
IOptions<BasicAuthenticationOptions> options,
ILoggerFactory loggerFactory,
UrlEncoder encoder)
: base(next, options, loggerFactory, encoder)
{
}
protected override AuthenticationHandler<BasicAuthenticationOptions> CreateHandler()
{
return new BasicAuthenticationHandler();
}
}
public class BasicAuthenticationOptions : AuthenticationOptions
{
public BasicAuthenticationOptions()
{
AuthenticationScheme = "Basic";
AutomaticAuthenticate = true;
}
}
在Startup.cs註冊 - app.UseMiddleware<BasicAuthenticationMiddleware>();
。如果你申請授權應用層過濾
[Authorize(ActiveAuthenticationSchemes = "Basic")]
[Route("api/[controller]")]
public class ValuesController : Controller
和使用屬性AllowAnonymous
:有了這個代碼,您可以限制使用非標準屬性Autorize
任何控制器。
原來的答覆: From documentation
添加[AllowAnonymous]
給家庭控制器,使他們先註冊匿名用戶可以得到關於該網站的信息。
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
namespace ContactManager.Controllers {
[AllowAnonymous]
public class HomeController : Controller
{
public IActionResult Index()
{
return View();
}
沒有HomeController中,我沒有使用MVC,但說的Web API。在我的情況下,基本身份驗證是一個自定義的中間件(請參閱示例https://stackoverflow.com/questions/38977088/asp-net-core-web-api-authentication)。因此它不關心AllowAnonymous屬性。我想閱讀被調用的控制器的屬性。 –
ASP.Net Core與MVC和Web API相同。 –
它適合我!謝謝!!! – Leila