oauth web api调用返回403禁止

时间:2018-02-05 09:49:48

标签: asp.net-mvc asp.net-web-api oauth-2.0

我在我的mvc web api项目中实现了OAuth2。我得到了令牌,但是当我使用此令牌调用web api方法时,调用将返回403 forbidden.I也调用了相同的web api而没有令牌#s; s working.Here是我的令牌电话:

public override  Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    AccountLogin LogCredentials = new AccountLogin();
    LogCredentials.UserName = context.UserName;
    LogCredentials.Password = context.Password;
    LogCredentials.IPAddress = "::1";

    string webHost = Convert.ToString(WebConfigurationManager.AppSettings["webHost"]);
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { webHost });

    ProviderLoginResponse providerLoginResponse = MembershipService.UserLogin(LogCredentials);
    if (providerLoginResponse.LoginStatus != "Y")
    {
        context.SetError("invalid_grant", "The user name or password is incorrect.");
        return Task.FromResult<object>(null);
    }

    var claims = new List<Claim>()
        {
                new Claim(ClaimTypes.Sid, Convert.ToString(providerLoginResponse.UserID)),
                new Claim(ClaimTypes.Name, providerLoginResponse.UserName),
                new Claim(ClaimTypes.Email, providerLoginResponse.UserEmail)
        };

    ClaimsIdentity oAuthIdentity = new ClaimsIdentity(claims,
                Startup.OAuthOptions.AuthenticationType);           

    AuthenticationProperties properties = CreateProperties(providerLoginResponse);

    AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
    context.Validated(ticket);
    return Task.FromResult<object>(null);
}

这是我的api方法:

[HttpGet]
[Route("GetColumn")]
public HttpResponseMessage GetColumn(HttpRequestMessage request)
{
    string tableName = "";
    HttpResponseMessage response = null;
    try
    {
       var clientList = _settingsService.GetColumns(tableName);
       response = request.CreateResponse(HttpStatusCode.OK, new APIResponse { Status = true, Data = clientList, Message = Messages.Saved_Success });
    }
    catch (Exception ex)
    {
        response = request.CreateResponse(HttpStatusCode.OK, new APIResponse { Status = false, Data = null, Message = ex.Message });
    }
    return response;
}

我的api电话是:

function GetColumn(data, cb) {
    var token = sessionStorage.getItem('accessToken');          

    var headers = {};
    if (token) {
        headers.Authorization = 'Bearer ' + token;
    }

    $.ajax({
        type: 'GET',
        url:  "api/Settings/GetColumn",
        headers: headers
    }).done(function (data) {
        cb(data);
    }).fail(function (Res) {
        cb(Res);
    });
};

我也通过传递授权令牌来尝试邮递员,但仍然得到了403.I我在网上搜索了这个问题,但没有什么能解决我的问题。为什么这样做?

0 个答案:

没有答案
相关问题
最新问题