2
クライアントでSencha ExtJs、サーバー側でAsp.netセルフホストWeb APIを使用して承認を書き込もうとしています。ASP.Netの自己ホストWeb API。 Auth ajaxリクエスト、クッキーが設定されていません
[HttpGet]
[HttpPost]
[Route("Login")]
public async Task<IHttpActionResult> Login(string ReturnUrl = "")
{
var EncodedAuth = Request.Headers.Authorization.Parameter;
var basicData = Encoding.ASCII.GetString(System.Convert.FromBase64String(EncodedAuth)).Split(':');
var login = basicData[0];
var password = basicData[1];
var passwordHash = new PasswordHasher().HashPassword(password);
// AppUser userDto = new AppUser {Name = model.Name, PasswordHash = model.Password};
AppUser userDto = new AppUser {Name = login, PasswordHash = password};
ClaimsIdentity claim = await AuthService.Authenticate(userDto);
if (claim == null)
{
ModelState.AddModelError("", "Неверный логин или пароль.");
return BadRequest("Неверный логин или пароль");
}
else
{
AuthenticationManager.SignOut();
AuthenticationManager.SignIn(new AuthenticationProperties
{
IsPersistent = true
}, claim);
}
return Ok();
}
Startup.cs:クライアントから
public void Configuration(IAppBuilder app)
{
var config = new HttpSelfHostConfiguration("http://localhost:9000");
HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
string authMode = ConfigurationManager.AppSettings["AuthMode"];
if (authMode == "windows")
listener.AuthenticationSchemes = AuthenticationSchemes.IntegratedWindowsAuthentication;
app.CreatePerOwinContext(CreateAuthService);
config.MapHttpAttributeRoutes();
config.MessageHandlers.Add(new CustomHeaderHandler());
config.EnsureInitialized();
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/api/Account/Login")
});
app.UseCors(CorsOptions.AllowAll);
app.UseNinjectMiddleware(NinjectConfig.CreateKernel);
app.UseNinjectWebApi(config);
}
private IAuthService CreateAuthService()
{
var serviceCreator = new ServiceCreator();
return serviceCreator.CreateUserService("KCentralBaseConnection");
}
}
public class CustomHeaderHandler : DelegatingHandler
{
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
{
return base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
response.Headers.Add("Access-Control-Allow-Origin", "http://127.0.0.1:1841");
response.Headers.Add("Access-Control-Allow-Headers", "*");
response.Headers.Add("Access-Control-Allow-Credentials", "true");
response.Headers.Add("Access-Control-Expose-Headers", "Set-Cookie");
return response;
}, cancellationToken);
}
}
とAjaxリクエスト:ここに私のコントローラであるクライアント次の応答へ
onLoginButton: function(button) {
var me = this;
var form = button.up('form');
var values = form.getValues();
var creditinals = values.login+':'+values.password;
var encoded = Base64.encode(creditinals);
Ext.Ajax.request({
url: WebApiServerUrl + 'api/Account/Login',
useDefaultXhrHeader: false,
cors: true,
headers: {
'Authorization': 'Basic '+encoded
},
params: {
ReturnUrl: window.location.href
},
success: function (response){
window.location.replace(window.location.href);
me.view.destroy();
}
})
}
ログイン方法のperformes正常に戻り:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:*
Access-Control-Allow-Origin:http://127.0.0.1:1841
Access-Control-Expose-Headers:Set-Cookie
Cache-Control:no-cache
Content-Length:0
Date:Fri, 15 Apr 2016 11:27:52 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-HTTPAPI/2.0
Set-Cookie:.AspNet.ApplicationCookie=AQAAANCMnd8BFdERjHoAwE_Cl-sBAAAAVeoujy5JdkaH_QpkOzXnDgAAAAACAAAAAAAQZgAAAAEAACAAAACLPGlOfvi79s2kU5ufyi9f3e2NZmBSfKePhsb-Yrb--QAAAAAOgAAAAAIAACAAAADjnYtqzg1eo2OecgqcCR6FE6wStdA9G_KlLPpcUyOpwmABAAB9hv7RbAug93wiDtl6qarpgBavISxBqBjiBdQ1eRzAvucGgO19605M7rqiPQAPxV3ZidcRxsYnhKKKdYNFPPexahMARNIJHwK8Q0lwH8XwTW66URJFl631lx-C0flLQep_MpKvRlJcyZ15zF2UEkHk0A6QtrY2Ae_nDkMATxJb2J9QIo_2j5HXfuxfugIOvWtJcnfMXO1uksOrsXCiBqSSIff_V2MLSnMLfKh2yRsEeDgezgYP77oGyXdjNGdgtte7mzNGRlitkcY9ArCtcubY8Im3x_X7j_PjHObPzn9X41MdhhpBwD3POssrAYtv-LDbaIITGjY_7aSWsAYNaZF-ztqpqkvRlY3drs5J060UbMtywQK1FWjvO_kI7sdVsbhKtyHghAgGU6svwb1uNIXVOCY-gSMoBCtgpDsCv2CIhNTTNeqM3cE5GXibUkJxMa8uWLS_QKy_T65H7wwn97IgQAAAANlyJIlNsiytkzJoz01lZbk1FyZVXtkor21cA4H05bPjuc7Aj9qYE8xDm2PnmQ3z5zwvHr5uxTRB7kklUsD_oaI; path=/; expires=Fri, 29-Apr-2016 11:27:53 GMT; HttpOnly
Request Headers
view source
Accept:*/*
Accept-Encoding:gzip, deflate
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Authorization:Basic QWRtaW46cGFzc3dvcmQ=
Connection:keep-alive
Content-Length:61
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Host:localhost:9000
Origin:http://127.0.0.1:1841
Referer:http://127.0.0.1:1841/Admin/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
しかし、ブラウザはCookieを保存しません(私はChromeとIEで試しました)が、郵便受けでは同じリクエストを送信しますが、Cookieは大丈夫です。