使用Asp.net Identity 2在Web api控制器中获取用户 - 未经过身份验证的用户

Question

我在我的新MVC 5项目中使用Asp.net Identity 2。经过大量工作后，我能够实现自己的自定义用户存储等，并在登录时对我的用户进行身份验证。但是，当我在Web API控制器中调用User.Identity.Name时，名称始终为null，并且用户未经过身份验证。我可以在请求对象中看到授权标头和cookie，但似乎没有授权。如果我添加＆＃34;授权＆＃34;属性，我被拒绝访问。

编辑： 这是OAuthProvider类：

public class MyOAuthProvider : OAuthAuthorizationServerProvider
{
    private readonly string publicClientId;
    private readonly Func<UserManager<CustomUser, int>> userManagerFactory;

    public MyOAuthProvider(string publicClientId, Func<UserManager<CustomUser, int>> userManagerFactory)
    {
        if (publicClientId == null)
        {
            throw new ArgumentNullException("publicClientId");
        }

        if (userManagerFactory == null)
        {
            throw new ArgumentNullException("userManagerFactory");
        }

        this.publicClientId = publicClientId;
        this.userManagerFactory = userManagerFactory;
    }

    public static AuthenticationProperties CreateProperties(CustomUser user, IEnumerable<string> roles)
    {
        //var roles = string.Join(",", user.Roles.Select(iur => iur.RoleId));             

        IDictionary<string, string> data = new Dictionary<string, string>
        {
            { "userName", user.UserName },
            { "userRoles", string.Join(",", roles.ToArray()) }
        };
        return new AuthenticationProperties(data);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        using (var userManager = this.userManagerFactory())
        {
            var user = await userManager.FindAsync(context.UserName, context.Password);

            if (user == null)
            {
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }

            ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user, context.Options.AuthenticationType);
            ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user, CookieAuthenticationDefaults.AuthenticationType);
            var roles = userManager.GetRoles(user.Id).ToArray();
            AuthenticationProperties properties = CreateProperties(user, roles);
            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);

            context.Validated(ticket);
            context.Request.Context.Authentication.SignIn(cookiesIdentity);
        }
    }

    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (var property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Resource owner password credentials does not provide a client ID.
        if (context.ClientId == null)
        {
            context.Validated();
        }

        return Task.FromResult<object>(null);
    }

    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
    {
        if (context.ClientId == this.publicClientId)
        {
            var expectedRootUri = new Uri(context.Request.Uri, "/");

            if (expectedRootUri.AbsoluteUri == context.RedirectUri)
            {
                context.Validated();
            }
        }

        return Task.FromResult<object>(null);
    }
}

我可能做错了什么？