API形式的身份验证

API形式的身份验证

本文介绍了AngularJS和Web API形式的身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我是新来的 AngularJS 和我开始创建一个示例应用程序,该应用程序有2次:

I'm new to AngularJS and I'm starting to create a sample application, this application has 2 views:


  • 登录查看

  • 欢迎查看

一切工作正常与我的AngularJS虚拟应用程序,但现在我开始实现在服务器端的登录功能:

Everything is working fine with my AngularJS dummy application but now I start implementing the Login functionality on server side:

[HttpPost]
        public JsonResult Login(string credentials)
        {
            bool returnVal = false;

            if (!string.IsNullOrEmpty(credentials))
            {
                FormsAuthentication.SetAuthCookie("DUMMY USER", true);
            }

            return Json(new
            {
                success = returnVal
            },
            JsonRequestBehavior.AllowGet);
        }

和上欢迎控制器我有:

 [Authorize]
        public JsonResult GetPersons()
        {
            return Json(new
            {
                success = false
            },
             JsonRequestBehavior.AllowGet);
        }

然后为了实现窗体身份验证我在web.config中设置:

Then in order to implement the Forms Authentication I have to set in the Web.Config:

<authentication mode="Forms">
      <forms loginUrl="/login" name=".ASPXFORMSAUTH" protection="All" timeout="1" slidingExpiration="true" />-->
    </authentication>

问题是,这样做的时候,它会重定向的URL,所以我得到了以下错误:

The problem is that when doing that it will redirects the URL, so I get the following error:

GET http://localhost:21871/login?ReturnUrl=%2fperson%2fGetPersons 404 (Not Found)

而因为 AngularJS 无法理解这条路线我就不能继续下去。

And because AngularJS can't understand that route then I can't keep going.

如何解决这个也许有更好的方式来做到这一点。任何线索

Any clue on how to address this or maybe there is a better way to do it.

感谢

推荐答案

您可以使用任何你喜欢的认证/授权机制。但是当你调用$ http.get()或$ http.post()您希望收到的JSON对象。但是,如果你没有通过认证,你将被重定向到登录这是一个HTML网页页面。因此,您的code这是检查成功将失败。您需要创建新的自定义授权过滤器(如MyAuthorize)进行身份验证/通过任何可用的技术(SimpleMembership,OAuth的,等等)授权用户如果认证失败,则返回一个RedirectResult代替,resturns与错误标志的JSON对象。然后,您可以检查每个$ http.get()或$ http.post()后该标志,并重定向从客户端用户。我们始终发展我们调用$ http.get()或$ hgttp.post并始终使该检查在那边自己的通信服务。

You can use any authentication/authorization mechanism that you like. But when you are calling $http.get() or $http.post() you expect to receive a JSON object. But if you are not authenticated you will be redirected to login page which is an HTML page. Hence your code which is checking for success will fail. You need to create a new custom authorize filter (like MyAuthorize) that authenticate/authorizes your user by any available technology (SimpleMembership, OAuth, etc) and if authentication fails then instead of returning a RedirectResult, resturns a json object with an Error flag. Then you can check that flag after each $http.get() or $http.post(), and redirect the user from client side. We always develop our own communication service that calls $http.get() or $hgttp.post and always make that check over there.

这篇关于AngularJS和Web API形式的身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-30 06:20