C# Owin承载令牌不适用于WebApi

C# Owin承载令牌不适用于WebApi,c#,asp.net-web-api,oauth,owin,C#,Asp.net Web Api,Oauth,Owin,我已经阅读了大量的文档,我的谷歌搜索显示我已经访问了第一页上的所有链接 问题 令牌生成工作正常。我使用自定义提供程序对其进行了如下配置: public void ConfigureOAuth(IAppBuilder app) { var usermanager = NinjectContainer.Resolve<UserManager>(); app.UseOAuthAuthorizationServer(new OAuthAuth

我已经阅读了大量的文档,我的谷歌搜索显示我已经访问了第一页上的所有链接

问题 令牌生成工作正常。我使用自定义提供程序对其进行了如下配置:

    /// <summary>
    /// Adds the OAuth authorization server (token endpoint at "/token") and the
    /// bearer-token authentication middleware to the OWIN pipeline.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is registered on.</param>
    public void ConfigureOAuth(IAppBuilder app)
    {
        var usermanager = NinjectContainer.Resolve<UserManager>();

        var serverOptions = new OAuthAuthorizationServerOptions();

        // NOTE(review): with AllowInsecureHttp enabled the token endpoint accepts plain
        // HTTP, so credentials and issued tokens can cross the network unencrypted.
        // Keep this to local development and serve the endpoint over HTTPS elsewhere.
        serverOptions.AllowInsecureHttp = true;
        serverOptions.TokenEndpointPath = new PathString("/token");

        // NOTE(review): a bearer token is usable by whoever holds it until it expires;
        // confirm that a one-day lifetime is acceptable for this API.
        serverOptions.AccessTokenExpireTimeSpan = TimeSpan.FromDays(1);
        serverOptions.Provider = new AppOAuthProvider(usermanager);

        app.UseOAuthAuthorizationServer(serverOptions);

        // Bearer authentication with default options; it is this middleware, not the
        // authorization-server provider, that handles requests carrying a token.
        var bearerOptions = new OAuthBearerAuthenticationOptions();
        app.UseOAuthBearerAuthentication(bearerOptions);
    }
更新3: 这是我的Startup.cs

/// <summary>
/// OWIN startup class from the question: wires Ninject, Web API, OAuth, CORS and the
/// welcome page onto the pipeline. Middleware runs in the order it is registered here.
/// </summary>
public partial class Startup
{
    /// <summary>
    /// Builds the OWIN pipeline for the application.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        app.UseNinjectMiddleware(NinjectContainer.CreateKernel);
        // NOTE(review): UseNinjectWebApi is registered before ConfigureOAuth. If it puts
        // Web API on the pipeline, requests would reach the controllers before the bearer
        // middleware has authenticated them - confirm the intended order.
        app.UseNinjectWebApi(GlobalConfiguration.Configuration);
        GlobalConfiguration.Configure(WebApiConfig.Register);
        // Registers the OAuth authorization server and bearer authentication middleware.
        ConfigureOAuth(app);
        // NOTE(review): AllowAll accepts cross-origin requests from any origin; restrict it
        // to the known front-end origins outside development.
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        app.UseWebApi(GlobalConfiguration.Configuration);
        app.UseWelcomePage();
    }
}

在您的提供程序(Provider)中,您必须:

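/// <summary>
/// Called by the OAuth authorization server to decide whether the calling client
/// application may use the token endpoint. If the context is never validated the
/// request is treated as rejected.
/// </summary>
/// <param name="context">Client-authentication context supplied by the OAuth middleware.</param>
/// <returns>A completed task; the work here is synchronous.</returns>
public override System.Threading.Tasks.Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    // Check context.ClientId here (and the client secret, where one is issued).
    // NOTE(review): calling Validated() unconditionally accepts every caller as a known
    // client. That is only appropriate when the API deliberately has no client
    // registration; otherwise compare the id against the registered clients and call
    // context.Validated() only on a match.
    context.Validated();

    // The override must return a Task; the original snippet omitted the return type.
    return System.Threading.Tasks.Task.FromResult<object>(null);
}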
其原因是,如果不重写ValidateClientAuthentication并验证上下文,则假定它被拒绝,并且您将始终收到该错误

    // Uses a dedicated HttpConfiguration for the OWIN-hosted Web API instead of
    // GlobalConfiguration.Configuration (see the two commented-out lines below).
    HttpConfiguration config = new HttpConfiguration();
app.UseNinjectMiddleware(NinjectContainer.CreateKernel);
// NOTE(review): Ninject is still wired to GlobalConfiguration.Configuration while Web API
// below is hosted with `config` - confirm the two are meant to differ.
app.UseNinjectWebApi(GlobalConfiguration.Configuration);
// OAuth server and bearer authentication are registered before UseWebApi(config).
ConfigureOAuth(app);
WebApiConfig.Register(config);
// Earlier registration against the global configuration, replaced by the line above:
//GlobalConfiguration.Configure(WebApiConfig.Register);
// NOTE(review): AllowAll accepts cross-origin requests from any origin; restrict it to
// the known front-end origins outside development.
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
// Earlier hosting call against the global configuration, replaced by the line below:
// app.UseWebApi(GlobalConfiguration.Configuration);
app.UseWebApi(config);
app.UseWelcomePage();

我在github上用我们的示例应用程序尝试了这一点,它成功了

在IAppBuilder上调用UseWebApi之前,必须先配置OAuth授权服务器和OAuth承载身份验证。以下是我的代码

    /// <summary>
    /// Builds the OWIN pipeline: static files, welcome page, OAuth, then CORS and Web API.
    /// Authentication is registered before Web API so that it runs first.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        // Static content served from the ".\files" directory at the site root.
        var staticFiles = new FileServerOptions();
        staticFiles.RequestPath = PathString.Empty;
        staticFiles.FileSystem = new PhysicalFileSystem(@".\files");
        app.UseFileServer(staticFiles);

        // set the default page
        app.UseWelcomePage(@"/index.html");

        // Must come before UseWebApi: the OAuth server and bearer middleware have to be
        // on the pipeline ahead of the controllers they protect.
        ConfigureAuth(app);

        var config = new HttpConfiguration();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });

        // JSON only, with camel-cased property names.
        config.Formatters.Clear();
        var jsonFormatter = new JsonMediaTypeFormatter();
        config.Formatters.Add(jsonFormatter);
        var serializerSettings = new JsonSerializerSettings();
        serializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
        config.Formatters.JsonFormatter.SerializerSettings = serializerSettings;

        // NOTE(review): AllowAll accepts cross-origin requests from any origin; restrict it
        // to the known front-end origins outside development.
        app.UseCors(CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    /// <summary>
    /// Registers the OAuth authorization server (token endpoint at "/token") followed by
    /// the bearer-token authentication middleware.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is registered on.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            // NOTE(review): allows the token endpoint over plain HTTP, so credentials and
            // tokens can cross the network unencrypted. Development only; use HTTPS elsewhere.
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            // NOTE(review): a bearer token is usable by whoever holds it until it expires;
            // confirm that a one-day lifetime is acceptable.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new YourApplicationOAuthProvider()
        });

        // Middleware that authenticates incoming requests carrying a bearer token.
        var bearerOptions = new OAuthBearerAuthenticationOptions();
        bearerOptions.Provider = new OAuthBearerAuthenticationProvider();
        app.UseOAuthBearerAuthentication(bearerOptions);
    }

您是否使用了本教程:您还必须覆盖ValidateClientAuthentication,否则您的请求总是被拒绝。
这就是我所做的,我仍然得到“未授权”。我已更新问题以显示我的class
@Ody 你能在GrantResourceOwnerCredentials方法中添加一个断点并确保它被命中吗?
是的,当我试图创建一个令牌时,这两个方法都被调用,并且工作正常。但是,当我试图访问一个受保护的资源时,这两个方法都不会被调用。
您能告诉我们您的操作方法吗?你能确保它已用相应的特性注释吗?
@Ody 这些方法(GrantResourceOwnerCredentials和ValidateClientAuthentication)只会在获取令牌时被调用;当你使用令牌时,起作用的是OAuthBearerAuthentication中间件。
注意,这个答案中的顺序在我的应用程序中是至关重要的。我使用的是SimpleInjector,不是Ninject,但我根本不需要在Startup类中使用GlobalConfiguration.Configuration…只需传递创建的配置就足够了。在上面的例子中,它仍然在第3行中使用。
@swannee 发现这就是问题所在。另外,为了让DI工作,我必须把app.UseNinjectWebApi移到app.UseWebApi(config)之前。
这对我帮助很大!非常感谢。
回答得很好。我现在知道它为什么不起作用了。事后看来,这一切都是有道理的。我现在想知道我当时在想什么。UseNinjectWebApi会注册WebAPI。我把它放在ConfigureAuth之上,因为我的身份验证块中需要Ninject。@ojorma 的解决方案之所以有效,是因为他重新注册了WebAPI。
感谢您的响应,我遇到了同样的问题,因为我在调用UseWebApi之后才调用ConfigureAuth例程。将ConfigureAuth调用移到Configuration例程中所有其他内容之前运行,修复了该问题。
    // Uses a dedicated HttpConfiguration for the OWIN-hosted Web API instead of
    // GlobalConfiguration.Configuration (see the two commented-out lines below).
    HttpConfiguration config = new HttpConfiguration();
app.UseNinjectMiddleware(NinjectContainer.CreateKernel);
// NOTE(review): Ninject is still wired to GlobalConfiguration.Configuration while Web API
// below is hosted with `config` - confirm the two are meant to differ.
app.UseNinjectWebApi(GlobalConfiguration.Configuration);
// OAuth server and bearer authentication are registered before UseWebApi(config).
ConfigureOAuth(app);
WebApiConfig.Register(config);
// Earlier registration against the global configuration, replaced by the line above:
//GlobalConfiguration.Configure(WebApiConfig.Register);
// NOTE(review): AllowAll accepts cross-origin requests from any origin; restrict it to
// the known front-end origins outside development.
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
// Earlier hosting call against the global configuration, replaced by the line below:
// app.UseWebApi(GlobalConfiguration.Configuration);
app.UseWebApi(config);
app.UseWelcomePage();
    /// <summary>
    /// Builds the OWIN pipeline: static files, welcome page, OAuth, then CORS and Web API.
    /// Authentication is registered before Web API so that it runs first.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is registered on.</param>
    public void Configuration(IAppBuilder app)
    {
        // Static content served from the ".\files" directory at the site root.
        var staticFiles = new FileServerOptions();
        staticFiles.RequestPath = PathString.Empty;
        staticFiles.FileSystem = new PhysicalFileSystem(@".\files");
        app.UseFileServer(staticFiles);

        // set the default page
        app.UseWelcomePage(@"/index.html");

        // Must come before UseWebApi: the OAuth server and bearer middleware have to be
        // on the pipeline ahead of the controllers they protect.
        ConfigureAuth(app);

        var config = new HttpConfiguration();
        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });

        // JSON only, with camel-cased property names.
        config.Formatters.Clear();
        var jsonFormatter = new JsonMediaTypeFormatter();
        config.Formatters.Add(jsonFormatter);
        var serializerSettings = new JsonSerializerSettings();
        serializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
        config.Formatters.JsonFormatter.SerializerSettings = serializerSettings;

        // NOTE(review): AllowAll accepts cross-origin requests from any origin; restrict it
        // to the known front-end origins outside development.
        app.UseCors(CorsOptions.AllowAll);
        app.UseWebApi(config);
    }

    /// <summary>
    /// Registers the OAuth authorization server (token endpoint at "/token") followed by
    /// the bearer-token authentication middleware.
    /// </summary>
    /// <param name="app">OWIN application builder the middleware is registered on.</param>
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            // NOTE(review): allows the token endpoint over plain HTTP, so credentials and
            // tokens can cross the network unencrypted. Development only; use HTTPS elsewhere.
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            // NOTE(review): a bearer token is usable by whoever holds it until it expires;
            // confirm that a one-day lifetime is acceptable.
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new YourApplicationOAuthProvider()
        });

        // Middleware that authenticates incoming requests carrying a bearer token.
        var bearerOptions = new OAuthBearerAuthenticationOptions();
        bearerOptions.Provider = new OAuthBearerAuthenticationProvider();
        app.UseOAuthBearerAuthentication(bearerOptions);
    }