OAuth令牌授权(请求已被拒绝)
[英]OAuth token authorization (request has been denied)
问题描述
I have a WebApi 2 and a MVC Web project in the same solution running on different IIS ports. 
我在不同IIS端口上运行的同一解决方案中有一个WebApi 2和一个MVC Web项目。 After recieving my Oauth token using jQuery AJAX I still get a 401 Unauthorized error message when trying to call an authorized Controller method. 在使用jQuery AJAX收到我的Oauth令牌后,我在尝试调用授权的Controller方法时仍然收到401 Unauthorized错误消息。
Startup: 启动:
public void Configuration(IAppBuilder app)
{
HttpConfiguration httpConfig = new HttpConfiguration();
ConfigureOAuthTokenGeneration(app);
ConfigureOAuthTokenConsumption(app);
ConfigureWebApi(httpConfig);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(httpConfig);
}
CustomOAuthProvider: CustomOAuthProvider:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<UserManager>();
User user = await userManager.FindAsync(context.UserName, context.Password);
// checks with context.SetError() results.
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "User"));
var ticket = new AuthenticationTicket(oAuthIdentity, null);
context.Validated(ticket);
}
Thinks I've tried from I get "Authorization has been denied for this request." 我认为我已经尝试了“此请求已被拒绝授权。” error message when using OWIN oAuth middleware (with separate Auth and Resource Server) : 使用OWIN oAuth中间件(具有单独的Auth和资源服务器)时出现错误消息 :
- Updating all the Owin packages to latest version (Web project does not use any Owin functionality so it is not installed here). 将所有Owin软件包更新到最新版本(Web项目不使用任何Owin功能,因此不会在此处安装)。
- Api and web are different projects but on same machine, so same machinekey. Api和web是不同的项目,但在同一台机器上,所以同样的机器密钥。
- OAuth Token configuration comes before the WebApi configuration in Startup.cs. OAuth令牌配置位于Startup.cs中的WebApi配置之前。
- Claims are made: oAuthIdentity consist out of a role and an admin claim ( http://schemas.microsoft.com/ws/2008/06/identity/claims/role : User) 声明:oAuthIdentity由角色和管理员声明组成( http://schemas.microsoft.com/ws/2008/06/identity/claims/role:User )
Everything else works as expected (web api, cors, token generation,...), what am I doing wrong? 其他一切都按预期工作(web api,cors,token generation,......),我做错了什么? (There is a lot of code involved, so let me know if I need to place an other piece of code from my projects. (涉及到很多代码,所以如果我需要从我的项目中添加其他代码,请告诉我。
EDIT: 编辑:
Ajax call (Solution by jumuro): Ajax调用(jumuro解决方案):
var token = sessionStorage.getItem(tokenKey); // Same as the generated login token
$.ajax({
type: 'POST',
// Don't forget the 'Bearer '!
beforeSend: function (xhr) { xhr.setRequestHeader('Authorization', 'Bearer ' + token) },
url: 'http://localhost:81/api/auth/test', // Authorized method
contentType: 'application/json; charset=utf-8'
}).done(function (data) {
//
});
1 个解决方案
解决方案1
1 已采纳 2016-05-05 06:58:58
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.