Asp.net 在OAuthBealerTokens不工作的情况下,在Web Api 2.0中授权筛选器
我有一个单页应用程序(AngularJS+AspnetWebAPI),使用OAuthBealerToken风格的身份验证 我的代码如下Asp.net 在OAuthBealerTokens不工作的情况下,在Web Api 2.0中授权筛选器,asp.net,angularjs,asp.net-web-api,oauth-2.0,asp.net-identity-2,Asp.net,Angularjs,Asp.net Web Api,Oauth 2.0,Asp.net Identity 2,我有一个单页应用程序(AngularJS+AspnetWebAPI),使用OAuthBealerToken风格的身份验证 我的代码如下 [assembly: OwinStartupAttribute(typeof(App.Web.Startup))] namespace App.Web { public partial class Startup { public void Configuration(IAppBuilder app) { v
[assembly: OwinStartupAttribute(typeof(App.Web.Startup))]
namespace App.Web
{
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
var config = new HttpConfiguration();
config.SuppressDefaultHostAuthentication();
config.Formatters.Remove(config.Formatters.XmlFormatter);
var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First();
jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
config.Filters.Add(new ValidateModelStateAttribute());
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
//register autofac
var builder = new ContainerBuilder();
builder.RegisterModelBinders(Assembly.GetExecutingAssembly());
builder.RegisterControllers(Assembly.GetExecutingAssembly());
builder.RegisterFilterProvider();
builder.RegisterModelBinderProvider();
builder.RegisterWebApiFilterProvider(config);
builder.RegisterWebApiModelBinders(Assembly.GetExecutingAssembly());
builder.RegisterApiControllers(Assembly.GetExecutingAssembly());
var container = builder.Build();
var resolver = new AutofacWebApiDependencyResolver(container);
config.DependencyResolver = resolver;
app.UseAutofacMiddleware(container);
app.UseAutofacWebApi(config);
app.UseWebApi(config);
ConfigureOAuth(app, container);
}
public void ConfigureOAuth(IAppBuilder app, IContainer container)
{
var oAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = container.Resolve(typeof(SimpleAuthorizationServerProvider)) as IOAuthAuthorizationServerProvider
};
app.UseOAuthBearerTokens(oAuthServerOptions);
app.UseOAuthAuthorizationServer(oAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
[程序集:OwinStartupAttribute(typeof(App.Web.Startup))]
名称空间App.Web
{
公共部分类启动
{
公共无效配置(IAppBuilder应用程序)
{
var config=新的HttpConfiguration();
config.SuppressDefaultHostAuthentication();
config.Formatters.Remove(config.Formatters.XmlFormatter);
var jsonFormatter=config.Formatters.OfType().First();
jsonFormatter.SerializerSettings.ContractResolver=新的CamelCasePropertyNamesContractResolver();
添加(新的ValidateModelStateAttribute());
添加(新的HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
//Web API路由
config.maphttpAttribute路由();
config.Routes.MapHttpRoute(
名称:“DefaultApi”,
routeTemplate:“api/{controller}/{id}”,
默认值:新建{id=RouteParameter.Optional}
);
//寄存器自动传真
var builder=new ContainerBuilder();
registerModelBinder(Assembly.getExecutionGassembly());
RegisterController(Assembly.getExecutionGassembly());
builder.RegisterFilterProvider();
RegisterModelBinderProvider();
builder.RegisterWebAPI过滤器提供程序(配置);
registerWebApiModelBinder(Assembly.getExecutionGassembly());
RegisterAppController(Assembly.getExecutionGassembly());
var container=builder.Build();
var resolver=新的AutofacWebApidenceResolver(容器);
config.dependencyrolver=解析程序;
app.useautofac中间件(容器);
app.UseAutofacWebApi(配置);
app.UseWebApi(配置);
配置OAuth(应用程序、容器);
}
公共void配置OAuth(IAppBuilder应用程序、IContainer容器)
{
var oAuthServerOptions=新的OAuthAuthorizationServerOptions()
{
AllowInsecureHttp=true,
TokenEndpointPath=新路径字符串(“/token”),
AccessTokenExpireTimeSpan=TimeSpan.FromDays(1),
Provider=container.Resolve(typeof(SimpleAuthorizationServerProvider))作为IOAuthorizationServerProvider
};
应用程序。使用OAuthBeareTokens(oAuthServerOptions);
使用OAuthAuthorizationServer(oAuthServerOptions);
使用OAuthBeareAuthentication(新的OAuthBeareAuthenticationOptions());
}
}
}
我的SimpleAuthorizationProvider实现如下所示
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});
var userManager = context.OwinContext.GetAutofacLifetimeScope().Resolve<IUserStore<User>>() as UserStore;
if (userManager != null)
{
var user = await userManager.FindByNameAsync(context.UserName);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var phash = await userManager.GetPasswordHashAsync(user);
//the hash of the incoming password
var passwordHasher = new PasswordHasher();
var result = passwordHasher.VerifyHashedPassword(phash, context.Password);
if (result == PasswordVerificationResult.Success)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Sid, user.Id.ToString()));
identity.AddClaim(new Claim(ClaimTypes.Email, user.UserName));
context.Validated(identity);
}
else
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
}
}
}
}
公共类SimpleAuthorizationServerProvider:OAuthAuthorizationServerProvider
{
公共重写异步任务ValidateClientAuthentication(OAuthValidateClientAuthenticationContext)
{
context.Validated();
}
公共重写异步任务GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentials上下文)
{
context.OwinContext.Response.Headers.Add(“访问控制允许来源”,新[]{“*”});
var userManager=context.OwinContext.GetAutofacLifetimeScope().Resolve()作为UserStore;
if(userManager!=null)
{
var user=await userManager.FindByNameAsync(context.UserName);
if(user==null)
{
SetError(“无效的授权”,“用户名或密码不正确”);
返回;
}
var phash=await userManager.GetPasswordHashAsync(用户);
//传入密码的哈希
var passwordHasher=new passwordHasher();
var result=passwordHasher.VerifyHashedPassword(phash,context.Password);
if(result==PasswordVerificationResult.Success)
{
var identity=newclaimsidentity(context.Options.AuthenticationType);
AddClaim(新声明(ClaimTypes.Sid,user.Id.ToString());
identity.AddClaim(新的声明(ClaimTypes.Email,user.UserName));
上下文验证(身份);
}
其他的
{
SetError(“无效的授权”,“用户名或密码不正确”);
}
}
}
}
现在问题来了
当我向/token端点发出post请求时。一切正常,我得到了一张不记名代币
每当我试图访问一个带有authorize属性的操作方法,并将HTTP授权头设置为Bearer{access_token},我就会得到消息
“此请求的授权已被拒绝”
请问我做错什么了吗?如何在请求中传递标题?应该是 授权:持有人imSXTs2OqSrGWzsFQhIXziFCO3rF
// If we already have a bearer token, set the Authorization header.
var token = sessionStorage.getItem(tokenKey);
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}
$.ajax({
type: 'GET',
url: 'api/values/1',
headers: headers
}).done(function (data) {
self.result(data);
}).fail(showError);
看这个,它有一个很好的细节
希望对您有所帮助。您应该使用承载方案在授权标头中发送令牌
我猜您将它作为查询字符串的一部分发送,这就是为什么受API保护的端点不理解它的原因。请查看我的详细帖子,其中介绍了您的具体场景。您的项目中是否有
WebApiConfig.cs
文件,其中包含Register(HttpConfiguration config)
方法
如果是,则应包含以下内容:
public static void Register(HttpConfiguration config)
{
// Move config.SuppressDefaultHostAuthentication() from Startup::Register method to this method
config.SuppressDefaultHostAuthentication();
// Add a filter handling "Bearer" authentication to the known filters
config.Filters.Add(new HostAuthenticationFilter("Bearer"));
}
我和你有同样的问题,用这个解决了。
解决方案是由。我也遇到了同样的问题。你找到解决办法了吗?