GrantResourceOwnerCredentials没有开火

时间:2016-07-19 13:18:47

标签: asp.net asp.net-mvc token owin

我继承自OAuthAuthorizationServerProvider并按以下方式覆盖:

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.OwinContext.Set<string>("oauth:client", "test");

        context.Validated("blah");
        return Task.FromResult<object>(null);

    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {

        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

        //using (AuthRepository _repo = new AuthRepository())
        //{
        //    IdentityUser user = await _repo.FindUser(context., context.Password);

        //    if (user == null)
        //    {
        //        context.SetError("invalid_grant", "The user name or password is incorrect.");
        //        return;
        //    }
        //}

        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));

        context.Validated(identity);

    }

    public override Task MatchEndpoint(OAuthMatchEndpointContext context)
    {
        if (context.IsTokenEndpoint)
        {
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Methods", new[] { "POST" });
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Headers", new[] { "accept", "authorization", "content-type" });
            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
            context.OwinContext.Response.StatusCode = 200;
            context.RequestCompleted();

            return Task.FromResult<object>(null);
        }

        return base.MatchEndpoint(context);
    }
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }

        return Task.FromResult<object>(null);
    }
    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
    {

            Uri expectedRootUri = new Uri(context.Request.Uri, "/");

            if (expectedRootUri.AbsoluteUri == context.RedirectUri)
            {
                context.Validated();
            }


        return Task.FromResult<object>(null);
    }

我的创业公司看起来像这样:

    public void Configuration(IAppBuilder app)
    {

        var config = new HttpConfiguration();
        config.Formatters.Clear();
        config.Formatters.Add(new JsonMediaTypeFormatter());
        config.Formatters.JsonFormatter.SerializerSettings =
            new JsonSerializerSettings
            {
                ContractResolver = new CamelCasePropertyNamesContractResolver()
            };
        this.ConfigureOAuth(app);

        WebApiConfig.Register(config);
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
        app.UseWebApi(config);
    }
    public void ConfigureOAuth(IAppBuilder app)
    {

        OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new xyzReportingAutherizationServerProvider()
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        app.UseOAuthBearerAuthentication
        (
            new OAuthBearerAuthenticationOptions
            {
                Provider = new OAuthBearerAuthenticationProvider()
            }
        );

    }

知道为什么GrantResourceOwnerCredentials没有解雇?目前的目标是生成访问令牌以供将来使用。被调用的身份验证是自定义的。 (它是服务器到服务器,共享私钥)

这就是我所说的:

Postman

1 个答案:

答案 0 :(得分:0)

问题在于

public override Task MatchEndpoint(OAuthMatchEndpointContext context)
{
    ....
    context.RequestCompleted();
    ....
 }

实际上就在那时结束了回应。删除该行就可以了。

相关问题
最新问题