我 一直在遵循oAuth授权的DotnetOPenAuth示例。
在OAuth2AuthorizeAttribute上的我总是得到“Missing Access Token”。 我一次又一次地检查我通过标头传递了访问令牌,它在请求对象中很好地设置了。
可能是什么原因?
这是代码
protected virtual bool IsAuthorized(HttpActionContext actionContext,out IPrincipal user) { var signingKey = ApplicationSettings.SigningKey(ApplicationSettings.KeyType.Public); var resourceKey = ApplicationSettings.ResoureKey(ApplicationSettings.KeyType.Private);
using (var signing = signingKey)
using (var resource = resourceKey)
{
base.OnAuthorization(actionContext);
// TODO FIXME dnoa doesn't support HttpRequestMessage - manually creating HttpRequestMessageProperty until they do
var request = new HttpRequestMessageProperty();
if (actionContext.Request.Headers.Authorization != null)
{
request.Headers[HttpRequestHeader.Authorization] =
actionContext.Request.Headers.Authorization.ToString();
}
else
{
request.Headers[HttpRequestHeader.Authorization] = null;
}
var requestUri = actionContext.Request.RequestUri;
var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, resource));
try
{
user = resourceServer.GetPrincipal(request, requestUri, _oauth2Scopes);
return true;
}
catch (ProtocolFaultResponseException x)
{
user = null;
return false;
}
}
}
答案 0 :(得分:0)
我发现了问题。
在Authorization标头中,需要在访问令牌之前有文本Bearer,例如
Bearer gAAAALfeAiFpUFOY8bJggyQ