Asp.net mvc WebApi(401)在生产中未经授权
我看到了一些关于WebApi 401未经授权问题的问题和答案。我仍然不明白为什么在当地环境中一切都很好;然而,上述错误发生在生产过程中 我发布了大部分代码逻辑,因此有人可以解释问题所在以及解决方案。请尽量做到准确和清晰。所有的答案,包括这一个,我仍然不清楚 正如您将在下面注意到的,我只使用提供的模板,没有太多更改 下面是Global.asax.cs中的常用条目:Asp.net mvc WebApi(401)在生产中未经授权,asp.net-mvc,asp.net-web-api,oauth,Asp.net Mvc,Asp.net Web Api,Oauth,我看到了一些关于WebApi 401未经授权问题的问题和答案。我仍然不明白为什么在当地环境中一切都很好;然而,上述错误发生在生产过程中 我发布了大部分代码逻辑,因此有人可以解释问题所在以及解决方案。请尽量做到准确和清晰。所有的答案,包括这一个,我仍然不清楚 正如您将在下面注意到的,我只使用提供的模板,没有太多更改 下面是Global.asax.cs中的常用条目: public class WebApiApplication : System.Web.HttpApplication { p
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
}
下面是Startup.cs:
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
}
下面是Startup.Auth.cs文件:
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static string PublicClientId { get; private set; }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(7),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = bool.Parse(System.Web.Configuration.WebConfigurationManager.AppSettings.Get("Oauth_AllowInsecureHttp"))
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
//****************** GOOGLE AUTHENTICATION *******************************************************
app.UseGoogleAuthentication(new GoogleOAuth2AuthenticationOptions()
{
ClientId = System.Web.Configuration.WebConfigurationManager.AppSettings.Get("Oauth_Google:ClientID"),
ClientSecret = System.Web.Configuration.WebConfigurationManager.AppSettings.Get("Oauth_Google:ClientSecret")
});
}
}
正如前面提到的,本地的一切都很好。401(授权)问题仅在部署到远程服务器上时发生。我们已经和邮递员测试过了,仍然没有运气。响应标题显示:
-服务器→微软IIS/8.5;
-WWW认证→持票人,谈判,NTLM
所以,毫无疑问,“授权:承载某些令牌”应该有效
谢谢您的帮助。最后,我在查看了我的CORS配置后解决了这个问题(上面的帖子中没有包含代码) 嗨。。你能同时发布你的网络配置文件吗。。而且。你不确定这是CORS的问题吗?
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Elmah logging...
config.Services.Add(typeof(IExceptionLogger), new ElmahExceptionLogger());
// Web API configuration and services
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
config.Formatters.JsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));
config.Formatters.JsonFormatter.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;
}
}