C# PostAsync to/Token返回内部服务器错误
我有一个web Api,其中包含到启动中登录令牌设置的路由。身份验证如下:C# PostAsync to/Token返回内部服务器错误,c#,asp.net,asp.net-web-api2,C#,Asp.net,Asp.net Web Api2,我有一个web Api,其中包含到启动中登录令牌设置的路由。身份验证如下: PublicClientId = "self"; OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new ApplicationOAuthProvider(
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
AllowInsecureHttp = false
};
将我的api登录请求路由到此处:
[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
[AllowAnonymous]
[Route("ExternalLogin", Name = "ExternalLogin")]
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
Authorize stuff...
}
使用登录内容:
var values = new Dictionary<string, string>();
values.Add("grant_type", "password");
values.Add("username", "usernamehere");
values.Add("password", "passwordhere");
var loginContent = new FormUrlEncodedContent(values);
我收到一个(400)错误的请求。不知道下一步该做什么
我必须让令牌身份验证工作。。。没有安全性,无法发布。;)
更新:
我应该补充一点,我正在使用自定义UserStore作为标识
更新2:客户端
public static HttpClient GetClient()
{
HttpClient Client = new HttpClient();
Client.BaseAddress = new Uri(Ics2Constants.ICS2APIBaseAddress);
Client.DefaultRequestHeaders.Accept.Clear();
Client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
return Client;
}
然后使用:
using (var client = ICS2HttpClient.GetClient())
{
//TESTING:
await ICS2HttpClient.Authenticate(client);
//... more stuff after authentication
}
身份验证包含PostAsync Authorize属性不应置于获取令牌的任何方法之上,它应该是匿名的,以防其他人犯与我相同的愚蠢错误: GrantResourceOwnerCredentials是验证用户/密码并分发访问令牌时/令牌路由到的位置 在我的例子中,下面的代码位于ApplicationAuthProvider.cs的Providers目录中
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
private readonly string _publicClientId;
public ApplicationOAuthProvider(string publicClientId)
{
if (publicClientId == null)
{
throw new ArgumentNullException("publicClientId");
}
_publicClientId = publicClientId;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// use the userManager to find the user, check credentials, grab roles, etc.
}
如果有人需要更多帮助,我可以发布更多细节。我知道解决所有细节对我来说是一件痛苦的事
再来一张。我在mySQL Identity stuff的基础上编写了定制的Identity stuff你能在实例化客户端的地方添加代码吗?我觉得自己很笨。我应该在GrantResourceOwnerCredentials中查找令牌请求。我有一些逻辑,需要根据我的自定义身份进行更新。。。旧逻辑失败并返回内部服务器错误。。。在外面找不到合适的地方。
using (var client = ICS2HttpClient.GetClient())
{
//TESTING:
await ICS2HttpClient.Authenticate(client);
//... more stuff after authentication
}
public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
private readonly string _publicClientId;
public ApplicationOAuthProvider(string publicClientId)
{
if (publicClientId == null)
{
throw new ArgumentNullException("publicClientId");
}
_publicClientId = publicClientId;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
// use the userManager to find the user, check credentials, grab roles, etc.
}