堆棧內存溢出
  簡體   English   中英

OAuth承載令牌不適用於WebApi

[英]OAuth Bearer Token Not Working for WebApi

 原文  2018-03-14 11:12:38       c#/ asp.net-web-api/ oauth/ owin

問題描述

我已經閱讀了很多文檔,但是看來我的問題很奇怪。 我已經配置了Oauth,但無法獲取承載令牌。 每當我點擊api來獲取令牌時,我都會得到200但沒有任何響應(我期望不記名令牌)。 下面是配置: 

 public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        OAuthAuthorizationServerOptions oAuthOptions = new OAuthAuthorizationServerOptions
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
            Provider = new ApplicationOAuthProvider()
        };
        app.UseOAuthAuthorizationServer(oAuthOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            Provider = new OAuthBearerAuthenticationProvider()
        });

        HttpConfiguration config = new HttpConfiguration();
        //config.Filters.Add(new );
        //config.MapHttpAttributeRoutes();
        // There can be multiple exception loggers. (By default, no exception loggers are registered.)
        //config.Services.Replace(typeof(IExceptionHandler), new GlobalExceptionHandler());
        WebApiConfig.Register(config);
        //enable cors origin requests
        app.UseCors(CorsOptions.AllowAll);
        app.UseWebApi(config);            
    }
}


 public static class WebApiConfig
{
    /// <summary>
    /// 
    /// </summary>
    /// <param name="config"></param>
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        // Configure Web API to use only bearer token authentication.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        // Web API routes
        config.MapHttpAttributeRoutes();
        config.Filters.Add(new HostAuthenticationAttribute("bearer")); //added this
        config.Filters.Add(new AuthorizeAttribute());
        config.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{id}", new { id = RouteParameter.Optional }
        );

        var jsonFormatter = config.Formatters.OfType<JsonMediaTypeFormatter>().First();
        jsonFormatter.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();

    }

public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var form = await context.Request.ReadFormAsync();
        if (myvalidationexpression)
        {
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Role, "AuthorizedUser"));
            context.Validated(identity);
        }
        else
        {
            context.SetError("invalid_grant", "Provided username and password is incorrect");
        }
    }
}

現在,當我啟動APi並按/ token時,如下所示:

API請求

2 個解決方案

解決方案1
 2  2018-03-14 12:53:20

我認為您在WebApiConfig.cs中編寫的用於禁止主機身份驗證的代碼以及其他一些代碼正在造成此問題。 我有一個在Web API中生成承載令牌的工作示例,該示例可以正常工作並生成令牌。

WebApiConfig.cs文件代碼: 

      public static class WebApiConfig
        {
            public static void Register(HttpConfiguration config)
            {
                // Web API configuration and services

                // Web API routes
                config.MapHttpAttributeRoutes();

                config.Routes.MapHttpRoute(
                    name: "DefaultApi",
                    routeTemplate: "api/{controller}/{id}",
                    defaults: new { id = RouteParameter.Optional }
                );
            }
        }

Startup.cs代碼: 

[assembly: OwinStartup(typeof(WebAPI.Startup))]
namespace WebAPI
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            HttpConfiguration config = new HttpConfiguration();
            ConfigureOAuth(app);
            WebApiConfig.Register(config);
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);


        }
        public void ConfigureOAuth(IAppBuilder app)
        {
            OAuthAuthorizationServerOptions
             OAuthServerOptions = new OAuthAuthorizationServerOptions()
             {
                 AllowInsecureHttp = true,
                 TokenEndpointPath = new PathString("/token"),
                 AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
                 Provider=new ApplicationOAuthProvider(),
                 //AuthenticationMode = AuthenticationMode.Active
             };
            app.UseOAuthAuthorizationServer(OAuthServerOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions {
                Provider = new OAuthBearerAuthenticationProvider()
            }
            );
        }
    }
}

控制器在請求中添加承載令牌后檢查授權調用。 

 public class TokenTestController : ApiController
    {
        [Authorize]
        public IHttpActionResult Authorize()
        {
            return Ok("Authorized");
        }

    }

解決方案2
 0  2019-05-01 05:09:06

安裝以下軟件包

Microsoft.Owin.Host.SystemWeb

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 OAuth承載令牌無效 Owin Bearer令牌不適用於WebApi Webapi 獲取不記名令牌 使用 OAuth 令牌生成 WebApi 將更多數據返回給帶有不記名令牌的客戶端 使用 webAPI 承載令牌的 SignalR 身份驗證 在 ASP.NET WebAPI 中檢索不記名令牌 雖然Owin WebAPI Bearer Token通過了 使用C#的OAuth Bearer令牌實現 在c#中手動解碼OAuth承載令牌 OAuth Bearer令牌認證未通過簽名驗證
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM