我想在asp.net身份中启用Cookie身份验证和承载令牌。
在某种程度上,它可以正常工作,但是由于某种原因,正在生成cookie,但是不与cookie一起生成承载令牌。这导致我不得不使用Cookie在API级别进行身份验证。
我看了一个问题:Using bearer tokens and cookie authentication together ,这在一定程度上有所帮助,因为我正确地强迫我的API只使用Bearer令牌,但是所有API调用都返回401。
在我的Startup.Auth中,我有以下内容:
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Logon"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie))
}
});
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/api/v1/auth/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new ApplicationOAuthProvider(PublicClientId)
};
// Token Generation
app.UseOAuthAuthorizationServer(OAuthOptions);
app.UseOAuthBearerTokens(OAuthOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
这很好用,因为它生成了Cookie,并且在调用/ auth / token时可以得到令牌,但是在正常的应用程序登录时我既没有获得cookie令牌也没有获得承载令牌。