Cookie身份验证也不会生成承载令牌

时间:2019-04-20 09:00:42

标签: asp.net-mvc authentication cookies asp.net-web-api2 asp.net-identity

我想在asp.net身份中启用Cookie身份验证和承载令牌。

在某种程度上,它可以正常工作,但是由于某种原因,正在生成cookie,但是不与cookie一起生成承载令牌。这导致我不得不使用Cookie在API级别进行身份验证。

我看了一个问题:Using bearer tokens and cookie authentication together ,这在一定程度上有所帮助,因为我正确地强迫我的API只使用Bearer令牌,但是所有API调用都返回401。

在我的Startup.Auth中,我有以下内容:

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            LoginPath = new PathString("/Account/Logon"),
            Provider = new CookieAuthenticationProvider
            {
                // Enables the application to validate the security stamp when the user logs in.
                // This is a security feature which is used when you change a password or add an external login to your account.  
                OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                    validateInterval: TimeSpan.FromMinutes(30),
                    regenerateIdentity: (manager, user) => manager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie))
            }
        });

        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/api/v1/auth/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new ApplicationOAuthProvider(PublicClientId)
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(OAuthOptions);
        app.UseOAuthBearerTokens(OAuthOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

这很好用,因为它生成了Cookie,并且在调用/ auth / token时可以得到令牌,但是在正常的应用程序登录时我既没有获得cookie令牌也没有获得承载令牌。

0 个答案:

没有答案