Fatal编程技术网
  • authentication/
  • Authentication Asp net Identity 2.0承载令牌和角色错误

Authentication Asp net Identity 2.0承载令牌和角色错误

authentication asp.net-web-api

Authentication Asp net Identity 2.0承载令牌和角色错误,authentication,asp.net-web-api,authorization,roles,asp.net-identity-2,Authentication,Asp.net Web Api,Authorization,Roles,Asp.net Identity 2,当用户没有角色但有承载令牌时,如何自定义错误响应 默认情况下,Identity 2.0在用户没有令牌和角色时发送相同的响应 请告诉我解决这个问题必须采用什么方法 我使用Asp net Web Api 2.0 请求标头: content-type: application/json accept: application/json authorization: bearer {token_value} 响应标题: cache-control: no-cache pragma: no-cache

当用户没有角色但有承载令牌时,如何自定义错误响应

默认情况下,Identity 2.0在用户没有令牌和角色时发送相同的响应

请告诉我解决这个问题必须采用什么方法

我使用Asp net Web Api 2.0

请求标头:

content-type: application/json
accept: application/json
authorization: bearer {token_value}
响应标题:

cache-control: no-cache
pragma: no-cache
content-type: application/json; charset=utf-8
expires:-1
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
www-authenticate: Bearer
x-sourcefiles:
=?UTF-8?B?RDpcUHJvamVjdCBWUzE3XEJveGluZ0FwcFxBcHBCb3hpbmdcQXBwQm94aW5nXGFwaVxWYWx1ZXNcVXNlcg==?=
x-powered-by: ASP.NET
date: Tue, 11 Sep 2018 20:08:14 GMT
content-length: 61
{"Message":"Authorization has been denied for this request."}
当用户没有角色或令牌时,响应是相同的。 响应代码是401

 public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {

            var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
            var roleManager = context.OwinContext.GetUserManager<ApplicationRoleManager>();



            ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }

            ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager,
               OAuthDefaults.AuthenticationType);


            String roles = String.Empty;

            foreach (var roleClaim in user.Roles)
            {
                ApplicationRole rol = null;
                rol = roleManager.FindById(roleClaim.RoleId);
                if (rol != null)
                    roles += rol.Name + ", ";
            }

            AuthenticationProperties properties = CreateProperties(user.UserName, roles.ToString());  


            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

            context.Validated(ticket);

        }
响应令牌:

{
"access_token": "{token_value}",
"token_type": "bearer",
"expires_in": 299,
"refresh_token": "{refresh_token}",
"userName": "{user_name}",
"roles": "Default",
".issued": "Tue, 11 Sep 2018 20:32:27 GMT",
".expires": "Tue, 11 Sep 2018 20:37:27 GMT"
}
你确定回答是一样的吗?如果没有令牌,您将收到401(未经授权),而如果权限不足(缺少角色),您将收到403(禁止)。一些代码可能有助于回答您的问题。请看:我刚才查过了。是的,回答是一样的。 
{
"access_token": "{token_value}",
"token_type": "bearer",
"expires_in": 299,
"refresh_token": "{refresh_token}",
"userName": "{user_name}",
"roles": "Default",
".issued": "Tue, 11 Sep 2018 20:32:27 GMT",
".expires": "Tue, 11 Sep 2018 20:37:27 GMT"
}