问题描述
我有,其中一个应用程序试图使用不同的身份验证方法从同一台服务器访问资源的问题,这两种方法:
I am having an issue where an app tries to access resources from the same server using different authentication methods, the two methods are:
- 凭据(NTLM,基本等)
- 的OAuth(承载)
HttpBaseProtocolFilter
是设置为:
- 禁用缓存
- 关闭自动UI凭证请求弹出
代码
HttpBaseProtocolFilter filter = new HttpBaseProtocolFilter();
filter.CacheControl.WriteBehavior = HttpCacheWriteBehavior.NoCache;
filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.MostRecent;
filter.AllowUI = false;
添加服务器凭据
如果资源需要凭据,然后我用:
Adding Server Credential
If the resource needs credentials then I use:
filter.ServerCredential = new PasswordCredential(
RequestUri.ToString(),
UserName,
Password);
HttpClient httpClient = new HttpClient(filter);
添加的OAuth令牌
如果资源需要我用一个承载令牌:
Adding OAuth Token
If the resource needs a Bearer token I use:
HttpClient httpClient = new HttpClient(filter);
httpClient.DefaultRequestHeaders.Authorization = new HttpCredentialsHeaderValue("Bearer", token);
的的 ServerCredential
为空
filter.ServerCredential = null
充分利用服务器的响应
Getting response from server
using(httpClient)
{
using(HttpRequestMessage requestMessage = new HttpRequestMessage(new HttpMethod(method), RequestUri))
{
using(HttpResponseMessage response = await httpClient.SendRequestAsync(requestMessage))
{
// Do something with response
}
}
}
的东西问题
如果在的HttpClient
要求使用返回一个200(OK) ServerCredential
,然后每隔以下承载
的要求也将返回200(OK),即使承载
令牌无效和 filter.ServerCredential
为空。
The issue
If the HttpClient
request returns a 200 (OK) using ServerCredential
, then every following Bearer
request also returns 200 (OK) even if the Bearer
token is invalid and filter.ServerCredential
is null.
这看起来好像 filter.ServerCredential
被缓存,所有后续调用都与缓存凭据进行身份验证。
It looks as if the filter.ServerCredential
is cached and all subsequent calls are authenticated with the cached credentials.
我必须重新启动应用程序,如果我想要做一个承载
认证。
I have to restart the app if I want to do a Bearer
authentication.
如何删除,禁用或清除 ServerCredential
的Windows.Web.Http.HttpClient的?
How can I remove, disable or clear the ServerCredential
of the Windows.Web.Http.HttpClient?
事情我已经试过:
var cookieManager = filter.CookieManager;
HttpCookieCollection myCookieJar = cookieManager.GetCookies(RequestUri);
foreach (HttpCookie cookie in myCookieJar)
{
cookieManager.DeleteCookie(cookie);
}
的
myCookieJar
是空的。
Windows.Security.Credentials.PasswordCredentialPropertyStore credentialPropertyStore = new Windows.Security.Credentials.PasswordCredentialPropertyStore();
的
credentialPropertyStore
是空的。
和
PasswordCredentialPropertyStore
方法清除的
However, #1 is still not sufficient to let you clear the original cached credentials - you can only overwrite them. To support clearing of cached credentials, we have now added a method to HttpBaseProtocolFilter - HttpBaseProtocolFilter.ClearAuthenticationCache() which clears all cached credential information. You can call this when you want to clear the credentials and/or client certificates from past instances of HttpClient in your app. The documentation for this method will soon be available here
由于
Sidharth
ThanksSidharth
[Windows网络团队]
[Windows Networking team]
这篇关于如何在Windows.Web.Http.HttpClient停止凭据缓存?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!