javascript - Web Api 2 - 检查用户是否登录

标签 javascript c# asp.net angularjs asp.net-web-api2

我仍在 ASP.NET 中摸索。

我正在尝试让 Angular 代码与 Web API 2 端点通信,该端点只能从解决方案本身内部访问。

我想要做的一件事是根据当前用户是否登录或匿名浏览来显示或隐藏编辑按钮。

我可以通过检查 User.Identity.IsAuthenticated 在 MVC View 中执行此操作,但我很好奇如何使用纯 Angular 页面(其中没有 .NET 编码)来执行此操作。

我以为我可以做这样的事情

public class AuthorizationController : ApiController
{
     public HttpResponseMessage Get()
     {
          if (User.Identity.IsAuthenticated)
          {
               return Request.CreateResponse(HttpStatusCode.OK, "Ok");
          }
          else
          {
               return Request.CreateErrorResponse(HttpStatusCode.Unauthorized, "You are not authorized");
          }
     };
}

然后这样调用它

$http.get("../api/authorization")
     .then(function (response) 
           {
                if(response.status=="200") 
                {
                     // logged in
                }
                else
                {
                    // not logged in
                }
           });

不幸的是,这并没有达到我的预期。如果用户未登录,API 代码会触发创建错误响应的行,但它实际返回到 Angular 回调的是

{"data":"<!DOCTYPE html>\r\n<html>\r\n<head>\r\n <meta charset=\"utf-8\" />\r\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\r\n <title>Log in - My ASP.NET Application</title>\r\n <link href=\"/Content/bootstrap.css\" rel=\"stylesheet\"/>\r\n<link href=\"/Content/site.css\" rel=\"stylesheet\"/>\r\n\r\n <script src=\"/Scripts/modernizr-2.6.2.js\"></script>\r\n\r\n\r\n</head>\r\n<body>\r\n <div class=\"navbar navbar-inverse navbar-fixed-top\">\r\n <div class=\"container\">\r\n <div class=\"navbar-header\">\r\n <button type=\"button\" class=\"navbar-toggle\" data-toggle=\"collapse\" data-target=\".navbar-collapse\">\r\n <span class=\"icon-bar\"></span>\r\n <span class=\"icon-bar\"></span>\r\n <span class=\"icon-bar\"></span>\r\n </button>\r\n <a class=\"navbar-brand\" href=\"/\">Application name</a>\r\n </div>\r\n <div class=\"navbar-collapse collapse\">\r\n <ul class=\"nav navbar-nav\">\r\n <li><a href=\"/\">Home</a></li>\r\n <li><a href=\"/Home/About\">About</a></li>\r\n <li><a href=\"/Home/Contact\">Contact</a></li>\r\n </ul>\r\n <ul class=\"nav navbar-nav navbar-right\">\r\n <li><a href=\"/Account/Register\" id=\"registerLink\">Register</a></li>\r\n <li><a href=\"/Account/Login\" id=\"loginLink\">Log in</a></li>\r\n </ul>\r\n\r\n </div>\r\n </div>\r\n </div>\r\n <div class=\"container body-content\">\r\n \r\n\r\n\r\n<h2>Log in.</h2>\r\n<div class=\"row\">\r\n <div class=\"col-md-8\">\r\n <section id=\"loginForm\">\r\n<form action=\"/Account/Login?ReturnUrl=%2Fapi%2Fauthorization\" class=\"form-horizontal\" method=\"post\" role=\"form\"><input name=\"__RequestVerificationToken\" type=\"hidden\" value=\"5h-wFJ5pn4Vq8uI15BbzTvAwAFuudI1jaF_YsHfpAp9YFaeArEkO4P6i5bFMYgSs6OY6BXDEHzNLFpxYA-IvQJlr7zYY8Bgj9mErF1dgMQQ1\" /> <h4>Use a local account to log in.</h4>\r\n <hr />\r\n <div class=\"form-group\">\r\n <label class=\"col-md-2 control-label\" for=\"Email\">Email</label>\r\n <div class=\"col-md-10\">\r\n <input class=\"form-control\" data-val=\"true\" data-val-email=\"The Email field is not a valid e-mail address.\" data-val-required=\"The Email field is required.\" id=\"Email\" name=\"Email\" type=\"text\" value=\"\" />\r\n <span class=\"field-validation-valid text-danger\" data-valmsg-for=\"Email\" data-valmsg-replace=\"true\"></span>\r\n </div>\r\n </div>\r\n <div class=\"form-group\">\r\n <label class=\"col-md-2 control-label\" for=\"Password\">Password</label>\r\n <div class=\"col-md-10\">\r\n <input class=\"form-control\" data-val=\"true\" data-val-required=\"The Password field is required.\" id=\"Password\" name=\"Password\" type=\"password\" />\r\n <span class=\"field-validation-valid text-danger\" data-valmsg-for=\"Password\" data-valmsg-replace=\"true\"></span>\r\n </div>\r\n </div>\r\n <div class=\"form-group\">\r\n <div class=\"col-md-offset-2 col-md-10\">\r\n <div class=\"checkbox\">\r\n <input data-val=\"true\" data-val-required=\"The Remember me? field is required.\" id=\"RememberMe\" name=\"RememberMe\" type=\"checkbox\" value=\"true\" /><input name=\"RememberMe\" type=\"hidden\" value=\"false\" />\r\n <label for=\"RememberMe\">Remember me?</label>\r\n </div>\r\n </div>\r\n </div>\r\n <div class=\"form-group\">\r\n <div class=\"col-md-offset-2 col-md-10\">\r\n <input type=\"submit\" value=\"Log in\" class=\"btn btn-default\" />\r\n </div>\r\n </div>\r\n <p>\r\n <a href=\"/Account/Register\">Register as a new user</a>\r\n </p>\r\n</form> </section>\r\n </div>\r\n <div class=\"col-md-4\">\r\n <section id=\"socialLoginForm\">\r\n \r\n<h4>Use another service to log in.</h4>\r\n<hr />\r\n <div>\r\n <p>\r\n There are no external authentication services configured. See <a href=\"http://go.microsoft.com/fwlink/?LinkId=403804\">this article</a>\r\n for details on setting up this ASP.NET application to support logging in via external services.\r\n </p>\r\n </div>\r\n\r\n\r\n </section>\r\n </div>\r\n</div>\r\n\r\n\r\n <hr />\r\n <footer>\r\n <p>&copy; 2016 - My ASP.NET Application</p>\r\n </footer>\r\n </div>\r\n\r\n <script src=\"/Scripts/jquery-2.2.3.js\"></script>\r\n\r\n <script src=\"/Scripts/bootstrap.js\"></script>\r\n<script src=\"/Scripts/respond.js\"></script>\r\n\r\n \r\n <script src=\"/Scripts/jquery.validate.js\"></script>\r\n<script src=\"/Scripts/jquery.validate.unobtrusive.js\"></script>\r\n\r\n\r\n\r\n<!-- Visual Studio Browser Link -->\r\n<script type=\"application/json\" id=\"__browserLink_initializationData\">\r\n {\"appName\":\"Firefox\",\"requestId\":\"69b5785bb7f0400088c465aa19c19c8a\"}\r\n</script>\r\n<script type=\"text/javascript\" src=\"http://localhost:55784/9f4b9571f5a149d8a3ad956c641aff65/browserLink\" async=\"async\"></script>\r\n<!-- End Browser Link -->\r\n\r\n</body>\r\n</html>\r\n","status":200,"config":{"method":"GET","transformRequest":[null],"transformResponse":[null],"url":"../api/authorization","headers":{"Accept":"application/json, text/plain, */*"}},"statusText":"OK"}

所以它似乎正在返回一个登录页面。有人可以告诉我我做错了什么吗?或者我只是用这种方法完全找错了树?

最佳答案

您大概正在使用表单例份验证。默认情况下,表单例份验证将检测管道 (401) 中的未经身份验证的事件,并将其转换为登录页面的重定向 (302)。如果您的客户端自动遵循该重定向(大多数情况下都是如此),那么您最终将获得带有 HTTP 成功状态代码 (200) 的登录页面内容。

对此有两种相当直接的解决方案:

  1. 不要使用表单例份验证(好吧,如果您没有可用的替代身份验证中间件,这并不完全简单)。
  2. 设置 HttpResponse.SuppressFormsAuthenticationRedirect属性为 true。

根据 HttpResponse.SuppressFormsAuthenticationRedirect 的文档:

By default, forms authentication converts HTTP 401 status codes to 302 in order to redirect to the login page. This isn't appropriate for certain classes of errors, such as when authentication succeeds but authorization fails, or when the current request is an AJAX or web service request. This property provides a way to suppress the redirect behavior and send the original status code to the client.

关于属性(property)的值(value):

true if forms authentication redirection should be suppressed; otherwise, false.

要进一步阅读,请查看他的 blog post就这个主题而言。

关于javascript - Web Api 2 - 检查用户是否登录,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37555431/

上一篇:javascript - 使用 jQuery 删除两个 html 标签之间的文本

下一篇:javascript - 为什么 PHP 没有正确返回我的 JSON?

相关文章:

javascript - JQuery 变量没有转移到 JavaScript

c# - Unity Build错误::audioinaec中的属性application @ allowBackups = false:与另一个值冲突

c# - 使用 Razor 从表中获取行信息

c# - 从数据库获取 bytes[] 图像作为 IFormFile

javascript - 修改一个数组会修改我用它创建的另一个数组

javascript - 我无法让客户端和服务器端验证工作

javascript - Fullcalendar - 调整自定义时间的日历 View 日显示范围

c# - 跨 .NET 语言性能

c# - Gridview DataSource 有行,但 GridView 没有

asp.net - 在内容页面加载之前在母版页中重定向

©2024 IT工具网  联系我们