我正在使用承载令牌身份验证构建Web API 2项目。
access_token的请求正在运行,但不是我的其他方法。 API返回以下内容:
没有OWIN身份验证管理器与请求相关联
完整回复讯息
{
"Message":"An error has occurred.",
"ExceptionMessage":"No OWIN authentication manager is associated with the request.",
"ExceptionType":"System.InvalidOperationException",
"StackTrace":" at System.Web.Http.Owin.PassiveAuthenticationMessageHandler.SuppressDefaultAuthenticationChallenges(HttpRequestMessage request)\r\n at System.Web.Http.Owin.PassiveAuthenticationMessageHandler.<SendAsync>d__0.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Web.Http.HttpServer.<SendAsync>d__0.MoveNext()"
}
Startup.cs
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
static string PublicClientKey = "XXX";
public void ConfigureAuth(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientKey),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);
}
}
WebApiConfig.cs
public static void Register(HttpConfiguration config)
{
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "ControllerAndAction",
routeTemplate: "api/{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
Global.asax中
public class WebApiApplication : System.Web.HttpApplication
{
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
}
}
我搜索了这个错误,发现有些人说它已通过以下方式解决:
<modules runAllManagedModulesForAllRequests="true">
Context.GetOwinContext()
代替Request.GetOwinContext()
Webconfig选项无效。
我有Host.SystemWeb包。
我没有在任何地方调用GetOwinContext。
有什么想法吗?
谢谢。
答案 0 :(得分:4)
如异常所示,缺少身份验证管理器。 为了解决这个问题,我会尝试在Startup.cs类中重新配置bearer token配置。
以这种方式试试
public void ConfigureAuth(IAppBuilder app)
{
app.UseCors(CorsOptions.AllowAll);
//You don't need these lines if you are using bearer token as the token is
//passed in the request header and not in the cookie
//app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientKey),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
//Remove this part
//app.UseOAuthBearerTokens(OAuthOptions);
//And try to manually define the authorization server
//and the middleware to handle the tokens
app.UseOAuthAuthorizationServer(OAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
<强>更新强>
所以问题似乎在于SupressDefaultHostAuthentication。 如果您没有在主机中运行,那么就不需要添加SupressDefaultHostAuthentication,因此请在WebApiConfig中删除它(有关详细信息,请参阅此答案的评论)。 Here's一篇关于该主题的好博客文章,更好地介绍了该课程。
答案 1 :(得分:0)
当我发布使用MVC 5的Web API 2模板构建的网站时,我遇到了这个问题,该网站具有对用户身份验证的个人用户身份验证。它在Visual Studio的IIS Express上本地运行良好,但在完整的IIS服务器上给了我 No OWIN身份验证管理器与请求错误相关联。
我的解决方案是在web.config中进行这些更改:
添加此密钥(我从this answer学到的):
<appSettings>
<add key="owin:AppStartup" value="[MyStartUpAssemblyNamespace].Startup, [MyAssemblyName]" />
...
</appSettings>
将我从this answer学到的<modules>
更改为<modules runAllManagedModulesForAllRequests="true">
。
答案 2 :(得分:0)
在App_Start文件夹中的脚手架WebApiConfig.cs文件中,您需要删除或注释掉以下几行:
//config.SuppressDefaultHostAuthentication();
//config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));