ASP.NET Web API 2中基于令牌的身份验证不起作用
[英]Token based authentication in ASP.NET Web API 2 not working
问题描述
public class Startup
{
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
app.UseCors(CorsOptions.AllowAll);
var myProvider = new MyAuthorizationServerProvider();
OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = myProvider
};
app.UseOAuthAuthorizationServer(options);
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
}
}
令牌生成成功,但是当我使用此令牌访问无法正常工作的Authorize控制器时。 总是响应消息显示“对此请求的授权已被拒绝” 此处邮递员发送生成令牌的请求
这是我的MyAuthorizationServerProvider类
public class MyAuthorizationServerProvider: OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
if(context.UserName== "admin" && context.Password == "admin")
{
identity.AddClaim(new Claim(ClaimTypes.Role, "admin"));
identity.AddClaim(new Claim("username", "admin"));
identity.AddClaim(new Claim(ClaimTypes.Name, "Admin Ahasanul Banna"));
context.Validated(identity);
}
else if (context.UserName=="user" && context.Password=="user")
{
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
identity.AddClaim(new Claim("username", "user"));
identity.AddClaim(new Claim(ClaimTypes.Name, "User Ahasanul Banna"));
context.Validated(identity);
}
else
{
context.SetError("Invalid_grant", "Provided username & password is incorrect");
return;
}
}
}
还有我的AuthorizeAttribute类
public class AuthorizeAttribute :System.Web.Http.AuthorizeAttribute
{
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
if (!HttpContext.Current.User.Identity.IsAuthenticated)
{
base.HandleUnauthorizedRequest(actionContext);
}
else
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
}
}
}
当我使用此令牌服务器响应访问任何“授权”操作时,“此请求的授权已被拒绝”。 消息这里邮递员发送请求
[Authorize]
[HttpGet]
[Route("authenticate")]
public IHttpActionResult GetForAuthenticate()
{
var identity = (ClaimsIdentity)User.Identity;
return Ok("Hello" + identity.Name);
}
[Authorize(Roles ="admin")]
[HttpGet]
[Route("authorize")]
public IHttpActionResult GetForAdmin()
{
var identity = (ClaimsIdentity)User.Identity;
var roles = identity.Claims.Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value);
return Ok("Hello" + identity.Name +" Role: " +string.Join(",",roles.ToList()));
}
如何解决这个问题?
1 个解决方案
解决方案1
1 2019-02-11 11:05:50
检查此代码
public void Configuration(IAppBuilder app)
{
// For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
app.UseCors(CorsOptions.AllowAll);
var myProvider = new MyAuthorizationServerProvider();
OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = myProvider
};
app.UseOAuthAuthorizationServer(options);
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
}
在这里,您使用具有配置选项的授权服务器(确定):
app.UseOAuthAuthorizationServer(options);
然后将其覆盖而没有选项(不确定)
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions());
只需删除第二个应用程序app.UseOAuthAuthorizationServer然后重试。
你也忘了加
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
如何在基于 cookie 身份验证的 asp.net mvc 项目中向 web api 添加令牌身份验证
[英]How to Add token authentication to web api in cookie authentication based asp.net mvc project
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.