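【Question title】: WebApi 2 Oauth2 Android client
【Posted】: 2015-10-31 17:38:08
【Question description】:

I want my Android app to communicate with an ASP.NET WebApi2 that is protected by OAuth2. All the samples I found only show how this is done for websites. I am able to get an access token from the "/token" endpoint and add this token to the HTTP header in the Authorization attribute. However, I always receive: "Authorization has been denied for this request."

My startup auth looks like: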

using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public partial class Startup
{
    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

    public static string PublicClientId { get; private set; }

    public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new SimmpleApplicationOAuthProvider(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            // Allows token requests to arrive over plain HTTP.
            AllowInsecureHttp = true
        };

        // Issues tokens at /Token.
        app.UseOAuthAuthorizationServer(OAuthOptions);
        // Validates bearer tokens on incoming requests.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

My SimmpleApplicationOAuthProvider looks like:

using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity.Owin;
using Microsoft.Owin.Security.OAuth;

public class SimmpleApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
    private readonly string _publicClientId;

    public SimmpleApplicationOAuthProvider(string publicClientId)
    {
        if (publicClientId == null)
        {
            throw new ArgumentNullException("publicClientId");
        }

        _publicClientId = publicClientId;
    }

    // Resource owner password grant: checks the user name and password against the user store.
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();

        ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);

        if (user == null)
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));

        context.Validated(identity);
    }

    // Accepts every client without checking any client credentials.
    public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
    }
}


using System.Web.Http;
using Microsoft.Owin.Security.OAuth;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Web API configuration and services
        // Configure Web API to use only bearer token authentication.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        // Web API routes
        config.MapHttpAttributeRoutes();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional }
        );

        // Enforce HTTPS
        //config.Filters.Add(new LocalAccountsApp.Filters.RequireHttpsAttribute());
    }
}

I am using Wireshark to analyze the network traffic. This is my GET request:

GET /LocalAccountsApp/api/values HTTP/1.1
Content-Type: application/json; charset=utf-8
Authorization: Bearer SXFPTU5Sb2JVZWh6M3ZIcEtMRzdiMVVZd3hleTBWbHI2eFZtR2xFSFJQT...
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.0; LG-D855 Build/LRX21R.A1421650137)
Host: 192.168.1.7
Connection: Keep-Alive
Accept-Encoding: gzip

I put a breakpoint in "GrantResourceOwnerCredentials" and it is hit twice (for /token and /api/values). So where is my call rejected?

【Question discussion】:

  • Hmm.. can you put a breakpoint inside HostAuthenticationFilter and see what happens in there?
  • I don't have a custom HostAuthenticationFilter, only this: config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType)); -> OAuthDefaults.AuthenticationType = "Bearer"
  • Derive a wrapper from it, we want to make sure whether it gets

Tags: asp.net-mvc asp.net-mvc-4 asp.net-web-api oauth-2.0 asp.net-web-api2


【Solution 1】:

OAuthBearerAuthenticationOptions is doubled; remove one and then see.

【Discussion】:

  • Could your answer be a bit clearer?
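
The wrapper suggested in the question's comments could look like the sketch below. It is an added example, not code from the original post or its answers, and the class name TracingHostAuthenticationFilter is hypothetical. It delegates to the stock HostAuthenticationFilter and records whether the bearer middleware produced an authenticated identity for the request.

```csharp
using System.Diagnostics;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;          // HostAuthenticationFilter
using System.Web.Http.Filters;  // IAuthenticationFilter and its context types

// Hypothetical diagnostic wrapper (the name is an assumption, not from the post).
// Register it in WebApiConfig.Register in place of the existing filter line:
//   config.Filters.Add(new TracingHostAuthenticationFilter(OAuthDefaults.AuthenticationType));
public class TracingHostAuthenticationFilter : IAuthenticationFilter
{
    private readonly HostAuthenticationFilter _inner;

    public TracingHostAuthenticationFilter(string authenticationType)
    {
        _inner = new HostAuthenticationFilter(authenticationType);
    }

    public bool AllowMultiple
    {
        get { return _inner.AllowMultiple; }
    }

    public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
    {
        var header = context.Request.Headers.Authorization;
        // Log only the scheme and token length; the bearer token itself never goes to a log.
        Trace.TraceInformation("Authorization header: scheme={0}, tokenLength={1}",
            header == null ? "(none)" : header.Scheme,
            header == null || header.Parameter == null ? 0 : header.Parameter.Length);

        // Let the stock filter ask the OWIN middleware to authenticate the request.
        await _inner.AuthenticateAsync(context, cancellationToken);

        var identity = context.Principal == null ? null : context.Principal.Identity;
        Trace.TraceInformation("After '{0}' authentication: authenticated={1}, type={2}",
            _inner.AuthenticationType,
            identity != null && identity.IsAuthenticated,
            identity == null ? "(none)" : identity.AuthenticationType);
    }

    public Task ChallengeAsync(HttpAuthenticationChallengeContext context, CancellationToken cancellationToken)
    {
        return _inner.ChallengeAsync(context, cancellationToken);
    }
}
```

If the trace shows authenticated=False, the bearer middleware did not accept the token it was given; if it shows True, the refusal comes from a later authorization check such as an [Authorize] attribute.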