webapi 采用Owin认证, 提示{"Message":"已拒绝为此请求授权。"}错误。
0
悬赏园豆:50
[待解决问题]
/// <summary> /// /// </summary> public class Startup { public void Configuration(IAppBuilder app) { app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions() { AccessTokenProvider = new AuthenticationTokenProvider() { OnCreate = (context) => { }, OnCreateAsync = (context) => { var d = context; return Task.FromResult(0); }, OnReceive = (context) => { var d = context; }, OnReceiveAsync = (context) => { //这里可以解析自定义Token //var d = context; //var identity = new ClaimsIdentity(new GenericIdentity("测试", OAuthDefaults.AuthenticationType)); //AuthenticationProperties properties = new AuthenticationProperties(); //properties.Dictionary.Add("userName", "测试"); //AuthenticationTicket ticket = new AuthenticationTicket(identity, properties); //context.SetTicket(ticket); return Task.FromResult(0); } }, Provider = new OAuthBearerAuthenticationProvider() { OnRequestToken = (context) => { string token = context.Token; return Task.FromResult(0); }, OnValidateIdentity = (context) => { return Task.FromResult(0); } } }); } }
startup.cs文件如上。
无法获取得到this.Principal.Identity.Name,
访问如:
[Authorize]
// GET api/values
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
方法,报{"Message":"已拒绝为此请求授权。"}错误。
不知道哪里需要做十么配置?
所有回答(4)
2
我也是今天才了解到OWIN,VS新建个WebAPI项目遇到这问题。
OWIN认证方式我还不熟,但此方法我能够测试成功了。
我的解决办法是:Controller加上[AllowAnonymous]特性,或将[Authorize]特性取消,在运行浏览器中输入localhost:6980/api/values/就能有结果了。
[Authorize]结合OWIN的使用,可在项目Provider文件夹下的类ApplicationOAuthProvider中找出些蹊跷。。
而未授权的错误提示实现在Results文件夹下ChallengeResult类中的ExecuteAsync方法中。我这也不太懂,你写的代码我也看不太懂,Controller加了[Authorize],新的WebAPI有采用了新的验证方式,是不是要提供界面进行账号注册,然后才能Get Method的资料呢?不懂啊啊。还在研究中
0
权限不够
0
请求localhost:6980/api/values需要带上Token
获取Token:localhost:6980/token
参考以下代码:
1 using System; 2 using System.Collections.Generic; 3 using System.Net.Http; 4 using System.Net.Http.Headers; 5 using System.Text; 6 using System.Threading.Tasks; 7 8 namespace OAuthClientTest 9 { 10 public class OAuthClientTest 11 { 12 private HttpClient _httpClient; 13 14 public OAuthClientTest() 15 { 16 _httpClient = new HttpClient(); 17 _httpClient.BaseAddress = new Uri("http://localhost:13655"); 18 } 19 20 public string Call_WebAPI_By_Access_Token() 21 { 22 var token = Get_Accesss_Token_By_Client_Credentials_Grant(); 23 _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); 24 return _httpClient.GetStringAsync("/api/values").Result; 25 } 26 27 public string Get_Accesss_Token_By_Client_Credentials_Grant() 28 { 29 var parameters = new Dictionary<string, string>(); 30 parameters.Add("client_id", "1234"); 31 parameters.Add("client_secret", "5678"); 32 parameters.Add("grant_type", "client_credentials"); 33 34 return _httpClient.PostAsync("/token", new FormUrlEncodedContent(parameters)) 35 .Result.Content.ReadAsStringAsync().Result; 36 } 37 38 // 使用Basic Authentication传递clientId与clientSecret 39 public void Get_Accesss_Token_By_Client_Credentials_Grant2() 40 { 41 var clientId = "1234"; 42 var clientSecret = "5678"; 43 _httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue( 44 "Basic", 45 Convert.ToBase64String(Encoding.ASCII.GetBytes(clientId + ":" + clientSecret))); 46 47 var parameters = new Dictionary<string, string>(); 48 parameters.Add("grant_type", "client_credentials"); 49 50 Console.WriteLine(_httpClient.PostAsync("/token", new FormUrlEncodedContent(parameters)) 51 .Result.Content.ReadAsStringAsync().Result); 52 } 53 } 54 }
0
返回的是 {"Message":"已拒绝为此请求授权。"},我想返回自己定义格式的数据,怎么做?
