asp.net webapi ,使用owin授权验证,能获取到token,但是在访问api的时候,带上token后还是提示“已拒绝为此请求授权”
startup.cs 代码:
[assembly:OwinStartup(typeof(WebApi1.Startup))]
namespace WebApi1
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
ConfigureOAuth(app);
WebApiConfig.Register(config);
//跨域机制
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
}
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions serverOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider=new ApplicationOAuthProvider()
};
app.UseOAuthAuthorizationServer(serverOptions);
}
}
}
自定义验证:
public class ApplicationOAuthProvider:OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
//return base.ValidateClientAuthentication(context);
await Task.Factory.StartNew(() => context.Validated());
}
/// <summary>
/// 客户端发送了用户名和密码,在这里验证,采用了ClaimsIdentity认证方式,可以把它看做一个NameValueCollection
/// 通过验证后发放Token
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//return base.GrantResourceOwnerCredentials(context);
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
string userName = context.UserName;
string password = context.Password;
if (userName != "123" || password != "123")
{
//context.SetError("invalid_grant", "用户名或密码错误");
context.SetError("用户名或密码错误", "用户名或密码错误");
return;
}
ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
int userId = 1;
AuthenticationProperties properties = CreateProperties(context.UserName, userId.ToString());
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
await base.GrantResourceOwnerCredentials(context);
}
/// <summary>
/// 附加信息到access_token中
/// </summary>
/// <param name="userName"></param>
/// <param name="userId"></param>
/// <returns></returns>
public static AuthenticationProperties CreateProperties(string userName, string userId)
{
IDictionary<string, string> data = new Dictionary<string, string>
{
{ "UserName",userName},
{ "UserId",userId}
};
return new AuthenticationProperties(data);
}
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
return Task.FromResult<object>(null);
//return base.TokenEndpoint(context);
}
}
controller 代码:
[Authorize]
public class TestController : ApiController
{
// GET api/
public IEnumerable Get()
{
return new string[] { "value1", "value2" };
}
}
测试结果:
不知道还缺少什么东西,请大家帮忙看看,谢谢!(悬赏有点少,全部身家就这么多啦)