问题描述

我已经创建了Blazor WebAssembly项目，并希望为WebAPI提供一个公共可用功能.

I have created an Blazor WebAssembly project and want to provide a WebAPI with one public available function.

[Route("api/[controller]")]
[ApiController]
[Authorize]
public class SystemEvalApiController : ControllerBase
{
    public SystemEvalApiController(AppDbContext context, IMapper mapper)
    {...}

    [Route("LatestEvals")]
    [AllowAnonymous]
    public ActionResult LatestEvals()

这是我的Api控制器，我应该可以使用以下命令调用它:

that is my Api controller and I should be able to call it with:

SystemEvalPublicViewModel = await Http
                .GetFromJsonAsync<SystemEvalPublicViewModel>(
                    HttpService.BuildUrl("api/SystemEvalApi/LatestEvals"));

当我没有登录任何帐户时.但是相反，我得到了这个错误:

When i am not logged into any account. But instead I get this error:

info: System.Net.Http.HttpClient.JPB.BorannRemapping.ServerAPI.LogicalHandler[100]
      Start processing HTTP request GET https://localhost:44330/api/SystemEvalApi/LatestEvals
blazor.webassembly.js:1 info: Microsoft.AspNetCore.Authorization.DefaultAuthorizationService[2]
      Authorization failed.

"DefaultAuthorizationService"似乎无法识别Anonymous属性，但我找不到直接失败的地方.

It looks like the "DefaultAuthorizationService" does not recognize the Anonymous attribute but I cannot find the point where it fails directly.

如何声明无需登录即可从HttpClient访问WebAPI函数.Microsoft.AspNetCore.Components.WebAssembly.Server 3.2.0.-rc1.20223.4

How do I declare an WebAPI function to be accessable from the HttpClient without Login.Microsoft.AspNetCore.Components.WebAssembly.Server 3.2.0.-rc1.20223.4

这是ClientServices的声明:

Here is the declaration for ClientServices:

var builder = WebAssemblyHostBuilder.CreateDefault(args);
builder.RootComponents.Add<App>("app");

builder.Services.AddHttpClient("JPB.BorannRemapping.ServerAPI", client =>
    {
        client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress);
    })
    .AddHttpMessageHandler<BaseAddressAuthorizationMessageHandler>();

// Supply HttpClient instances that include access tokens when making requests to the server project
builder.Services.AddTransient(sp => sp.GetRequiredService<IHttpClientFactory>().CreateClient("JPB.BorannRemapping.ServerAPI"));
builder.Services.AddTransient(e => new HttpService(e.GetService<HttpClient>()));
builder.Services.AddApiAuthorization();
builder.Services.AddBlazoredLocalStorage();

await builder.Build().RunAsync();

推荐答案

因此，每次获取HttpClient时，它都会使用BaseAddressAuthorizationMessageHandler尝试对请求进行身份验证.但是在这种情况下，您的请求不应经过验证，因此您可以进行以下操作:

So each time you acquire an HttpClient it use the BaseAddressAuthorizationMessageHandler which try to authentify the request. But it this case your request should not be authentified, so you can make something like :

注册

builder.Services.AddHttpClient("JPB.BorannRemapping.ServerAPI.Anonymous", client =>
    {
        client.BaseAddress = new Uri(builder.HostEnvironment.BaseAddress);
    });

用法

@inject IHttpClientFactory _factory

@code {
...
     var httpClient = _factory.CreateClient("JPB.BorannRemapping.ServerAPI.Anonymous");
     var httpService = new HttpService(httpClient);
     SystemEvalPublicViewModel = await httpClient
                .GetFromJsonAsync<SystemEvalPublicViewModel>(
                    httpService.BuildUrl("api/SystemEvalApi/LatestEvals"));
}

这篇关于Blazor WebAssembly阻止WebApi AllowAnonymous的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！