C# OAuth承载令牌不工作
我有一个身份验证提供者的最小设置,它设置声明标识C# OAuth承载令牌不工作,c#,asp.net-web-api,oauth,owin,bearer-token,C#,Asp.net Web Api,Oauth,Owin,Bearer Token,我有一个身份验证提供者的最小设置,它设置声明标识 public class SimpleAuthorizationProvider : OAuthAuthorizationServerProvider { public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { context.Validated();
public class SimpleAuthorizationProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
if (context.UserName != context.Password)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
}
我正在尝试访问hello world api,这会导致未经授权的访问错误
public class HelloWorldApiController : ApiController
{
[HttpGet]
[Route("api/hello")]
//[AllowAnonymous]
[Authorize]
public HttpResponseMessage FetchAllEnum()
{
return Request.CreateResponse(HttpStatusCode.OK, "Hello World!!!");
}
}
但我正在获得401/未经授权访问上述API。我确实将承载令牌返回到web api,并将其作为承载ABCD****
传递到服务器。我确实看到授权头是在VisualStudio中调试时设置的
如果我调试authorized属性
,我将得到user.Identity.isauthorized
为false
,这实际上是问题的根源。
但是考虑到我确实看到了授权头集,并且我在OAuthProvider
中设置了声明详细信息,为什么AuthorizeAttribute
没有读取该信息
注意:这是一个Web API项目,因此没有对MVC属性的引用
以下是OWIN设置:
public static class WebApiConfig
{
public static HttpConfiguration Register()
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
//config.SuppressDefaultHostAuthentication(); //tried with/without this line
config.Filters.Add(new AuthorizeAttribute());
config.EnableCors(new EnableCorsAttribute("*", "*", "*", "*"));
return config;
}
}
public class OwinConfiguration
{
// ReSharper disable once UnusedMember.Local
public void Configuration(IAppBuilder app)
{
ConfigureOAuth(app);
app.UseCors(CorsOptions.AllowAll);
app.UseWebApi(WebApiConfig.Register());
}
private void ConfigureOAuth(IAppBuilder app)
{
var options = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
Provider = new SimpleAuthorizationProvider()
};
app.UseOAuthAuthorizationServer(options);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
要使其正常工作,请添加(新的HostAuthenticationAttribute(“承载”)代码>需要添加此行beofre AUTHORY属性
public static HttpConfiguration Register()
{
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
config.Filters.Add(new HostAuthenticationAttribute("bearer")); //added this
config.Filters.Add(new AuthorizeAttribute());
config.EnableCors(new EnableCorsAttribute("*", "*", "*", "*"));
return config;
}
另一个可行的解决方案是不使用HostAuthenticationAttribute,而是将OWIN筛选器设置为活动筛选器,如下所示:
var bearerOptions = new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(validationParameters),
AuthenticationMode = AuthenticationMode.Active,
};
EnableCorsAttribute
是否需要任何程序集引用?我是否需要扩展方法来使用config.EnableCors(…)
?您需要安装nugget:。Microsoft.owin.cors BearOptions变量分配给什么?感谢您。使用OAuthBeareAuthentication()