我希望我的Android应用程序与Oauth2保护的Asp.net WebApi2进行通信。我发现的所有样本只显示它是如何为网站完成的。 我能够从“/ token”端点获取访问令牌,并将此令牌添加到Autorization属性中的http头。但是,我总是得到:“此请求已被拒绝授权。”
My Startup Auth看起来像:
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static string PublicClientId { get; private set; }
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new SimmpleApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
app.UseOAuthAuthorizationServer(OAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
我的SimmpleApplicationOAuthProvider看起来像:
public class SimmpleApplicationOAuthProvider : OAuthAuthorizationServerProvider
{
private readonly string _publicClientId;
public SimmpleApplicationOAuthProvider(string publicClientId)
{
if (publicClientId == null)
{
throw new ArgumentNullException("publicClientId");
}
_publicClientId = publicClientId;
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim("sub", context.UserName));
identity.AddClaim(new Claim("role", "user"));
context.Validated(identity);
}
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
}
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API configuration and services
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
// Enforce HTTPS
//config.Filters.Add(new LocalAccountsApp.Filters.RequireHttpsAttribute());
}
}
我正在使用Wireshark来分析网络流量。这是我的GET请求:
GET /LocalAccountsApp/api/values HTTP/1.1
Content-Type: application/json; charset=utf-8
Authorization: Bearer SXFPTU5Sb2JVZWh6M3ZIcEtMRzdiMVVZd3hleTBWbHI2eFZtR2xFSFJQT...
User-Agent: Dalvik/2.1.0 (Linux; U; Android 5.0; LG-D855 Build/LRX21R.A1421650137)
Host: 192.168.1.7
Connection: Keep-Alive
Accept-Encoding: gzip
我在“GrantResourceOwnerCredentials”中放置了一个断点,它被两次击中(对于/ token和/ api / values)。那我的电话在哪里被拒绝了?
答案 0 :(得分:-1)
OAuthBearerAuthenticationOptions 如果你删除一个然后看看是双倍