本文介绍了如何在Windows.Web.Http.HttpClient停止凭据缓存?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有,其中一个应用程序试图使用不同的身份验证方法从同一台服务器访问资源的问题,这两种方法:

I am having an issue where an app tries to access resources from the same server using different authentication methods, the two methods are:


  • 凭据(NTLM,基本等)

  • 的OAuth(承载)

HttpBaseProtocolFilter 是设置为:


  • 禁用缓存

  • 关闭自动UI凭证请求弹出

代码

HttpBaseProtocolFilter filter = new HttpBaseProtocolFilter();
filter.CacheControl.WriteBehavior = HttpCacheWriteBehavior.NoCache;
filter.CacheControl.ReadBehavior = HttpCacheReadBehavior.MostRecent;
filter.AllowUI = false;



添加服务器凭据



如果资源需要凭据,然后我用:

Adding Server Credential

If the resource needs credentials then I use:

filter.ServerCredential = new PasswordCredential(
                RequestUri.ToString(),
                UserName,
                Password);

HttpClient httpClient = new HttpClient(filter);



添加的OAuth令牌



如果资源需要我用一个承载令牌:

Adding OAuth Token

If the resource needs a Bearer token I use:

HttpClient httpClient = new HttpClient(filter);
httpClient.DefaultRequestHeaders.Authorization = new HttpCredentialsHeaderValue("Bearer", token);

ServerCredential 为空

filter.ServerCredential = null



充分利用服务器的响应



Getting response from server

using(httpClient)
{
   using(HttpRequestMessage requestMessage = new HttpRequestMessage(new HttpMethod(method), RequestUri))
   {
       using(HttpResponseMessage response = await httpClient.SendRequestAsync(requestMessage))
       {
           // Do something with response
       }
   }
}



的东西问题



如果在的HttpClient 要求使用返回一个200(OK) ServerCredential ,然后每隔以下承载的要求也将返回200(OK),即使承载令牌无效和 filter.ServerCredential 为空。

The issue

If the HttpClient request returns a 200 (OK) using ServerCredential, then every following Bearer request also returns 200 (OK) even if the Bearer token is invalid and filter.ServerCredential is null.

这看起来好像 filter.ServerCredential 被缓存,所有后续调用都与缓存凭据进行身份验证。

It looks as if the filter.ServerCredential is cached and all subsequent calls are authenticated with the cached credentials.

我必须重新启动应用程序,如果我想要做一个承载认证。

I have to restart the app if I want to do a Bearer authentication.

如何删除,禁用或清除 ServerCredential 的Windows.Web.Http.HttpClient的?

How can I remove, disable or clear the ServerCredential of the Windows.Web.Http.HttpClient?

事情我已经试过:

var cookieManager = filter.CookieManager;
HttpCookieCollection myCookieJar = cookieManager.GetCookies(RequestUri);
foreach (HttpCookie cookie in myCookieJar)
{
    cookieManager.DeleteCookie(cookie);
}



myCookieJar 是空的。

Windows.Security.Credentials.PasswordCredentialPropertyStore credentialPropertyStore = new Windows.Security.Credentials.PasswordCredentialPropertyStore();



credentialPropertyStore 是空的。

PasswordCredentialPropertyStore 方法清除的

However, #1 is still not sufficient to let you clear the original cached credentials - you can only overwrite them. To support clearing of cached credentials, we have now added a method to HttpBaseProtocolFilter - HttpBaseProtocolFilter.ClearAuthenticationCache() which clears all cached credential information. You can call this when you want to clear the credentials and/or client certificates from past instances of HttpClient in your app. The documentation for this method will soon be available here

由于
Sidharth

ThanksSidharth

[Windows网络团队]

[Windows Networking team]

这篇关于如何在Windows.Web.Http.HttpClient停止凭据缓存?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-18 20:17