我已将Resourse服务器与授权服务器分离,我可以从我的授权中获取访问令牌,但是当我尝试访问资源服务器上的受保护资源时,我总是得到“此请求已拒绝授权”。我已经遵循了一些可行的解决方案和建议,以确保我的owin midleware引用对于我的资源和authozation是相同的,但仍然没有胜利;
这是我的StartUp(资源服务器)
[assembly: OwinStartupAttribute(typeof(NetAppWeb.Startup))]
namespace NetAppWeb
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config); // wire the web api to the owin server
}
private void ConfigureOAuth(IAppBuilder app)
{
//Token Consumption
//we are configuring the Resource Server to accept (consume only) tokens with bearer scheme
app.UseOAuthBearerAuthentication(new
{
});
}
}
}
StartUp.cs (Authorization Server)
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureOAuth(app);
HttpConfiguration config = new HttpConfiguration();//configure API routes
WebApiConfig.Register(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config); //wires up Asp.Net Web Api to owin Server
}
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), //1 day
Provider = new SimpleAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}