我创建了一个 ASP.NET Web API 应用程序，并实现了 OAuth 承载令牌（bearer token）的生成。访问令牌可以正常生成，我正在使用 Postman 在本地进行测试。问题是：当我为另一个用户生成令牌后，授权被拒绝。
这是我的 AuthorizationServerProvaider
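public class APIAuthorizationServerProvaider : OAuthAuthorizationServerProvider
{
    private readonly string _publicClientId;

    /// <summary>
    /// Creates the provider for a single public client.
    /// </summary>
    /// <param name="publicClientId">client_id of the public client whose redirect URI this provider accepts.</param>
    /// <exception cref="ArgumentNullException"><paramref name="publicClientId"/> is null.</exception>
    public APIAuthorizationServerProvaider(string publicClientId)
    {
        if (publicClientId == null)
        {
            throw new ArgumentNullException("publicClientId");
        }
        _publicClientId = publicClientId;
    }

    /// <summary>
    /// Validates only requests that present no client_id (treated as the public client).
    /// A request that does send a client_id is never marked as validated here and is
    /// therefore rejected by the authorization server.
    /// </summary>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        if (context.ClientId == null)
        {
            context.Validated();
        }
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Handles the resource-owner password grant: checks the supplied user name and password
    /// against <see cref="AuthRepository"/> and, on success, issues a ticket carrying the user's
    /// name and id both as claims and as authentication properties (the properties are copied
    /// into the token response by <see cref="TokenEndpoint"/>).
    /// On failure the context is set to an <c>invalid_grant</c> error and no ticket is issued.
    /// </summary>
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // The method awaits nothing, so it is synchronous like its siblings and returns a completed task.
        AuthRepository authRepository = new AuthRepository();
        bool isValid = authRepository.ValidateUser(context.UserName, context.Password);
        if (!isValid)
        {
            // One message for both an unknown user and a wrong password; the response does not say which failed.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult<object>(null);
        }

        string userName = authRepository.GetUsername(context.UserName);
        var id = authRepository.GetID(context.UserName); // type not visible here; only its ToString() is used

        List<Claim> claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, userName),
            new Claim("Id", id.ToString()),
        };

        // Carried on the ticket as properties and echoed into the token response body by TokenEndpoint.
        Dictionary<string, string> data = new Dictionary<string, string>
        {
            { "userName", userName },
            { "id", id.ToString() },
        };
        AuthenticationProperties properties = new AuthenticationProperties(data);

        // The identity's authentication type is whatever Startup configured on the server options.
        ClaimsIdentity oAuthIdentity = new ClaimsIdentity(claims, Startup.OAuthOptions.AuthenticationType);
        AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
        context.Validated(ticket);
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Accepts a redirect URI only for the public client, and only when it is exactly the
    /// root ("/") of the host that received the request.
    /// </summary>
    public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
    {
        if (context.ClientId == _publicClientId)
        {
            Uri expectedRootUri = new Uri(context.Request.Uri, "/");
            if (expectedRootUri.AbsoluteUri == context.RedirectUri)
            {
                context.Validated();
            }
        }
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Copies every property stored on the ticket (for this provider, the userName and id set in
    /// <see cref="GrantResourceOwnerCredentials"/>) into the token response as additional parameters.
    /// </summary>
    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Re-issues a ticket from a presented refresh token: a copy of the original identity
    /// together with the original ticket properties.
    /// </summary>
    public override Task GrantRefreshToken(OAuthGrantRefreshTokenContext context)
    {
        ClaimsIdentity newIdentity = new ClaimsIdentity(context.Ticket.Identity);
        AuthenticationTicket newTicket = new AuthenticationTicket(newIdentity, context.Ticket.Properties);
        context.Validated(newTicket);
        return Task.FromResult<object>(null);
    }

    // NOTE(review): this nested interface repeats the member set of the OWIN
    // Microsoft.Owin.Security.Infrastructure.IAuthenticationTokenProvider and shadows that name
    // inside this class; nothing visible here refers to it — confirm it is unused before removing.
    public interface IAuthenticationTokenProvider
    {
        void Create(AuthenticationTokenCreateContext context);
        Task CreateAsync(AuthenticationTokenCreateContext context);
        void Receive(AuthenticationTokenReceiveContext context);
        Task ReceiveAsync(AuthenticationTokenReceiveContext context);
    }
}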
Start.cs
public class Startup
{
    /// <summary>Relative path at which the OAuth token endpoint is exposed.</summary>
    public const string TokenEndpointPath = "/api/token";

    /// <summary>Options given to the OAuth authorization server; assigned by <see cref="ConfigureOAuth"/>.</summary>
    public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

    /// <summary>client_id of the public client; assigned by <see cref="ConfigureOAuth"/>.</summary>
    public static string PublicClientId { get; private set; }

    /// <summary>
    /// OWIN entry point: registers the OAuth middleware first, then Web API, so bearer
    /// authentication has run before any controller executes.
    /// </summary>
    public void Configuration(IAppBuilder app)
    {
        ConfigureOAuth(app);

        HttpConfiguration httpConfiguration = new HttpConfiguration();
        WebApiConfig.Register(httpConfiguration);
        app.UseWebApi(httpConfiguration);
    }

    /// <summary>
    /// Registers CORS, the OAuth authorization server (token endpoint, provider, refresh-token
    /// provider) and the bearer-token authentication middleware.
    /// </summary>
    public void ConfigureOAuth(IAppBuilder app)
    {
        // Any origin, header and method is accepted; restrict this before the API is reachable beyond local testing.
        app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

        PublicClientId = "self";

        OAuthAuthorizationServerOptions serverOptions = new OAuthAuthorizationServerOptions();
        // Lets the token endpoint (which receives passwords) be served over plain HTTP; acceptable only for local testing.
        serverOptions.AllowInsecureHttp = true;
        serverOptions.TokenEndpointPath = new PathString(TokenEndpointPath);
        serverOptions.AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(10);
        serverOptions.Provider = new APIAuthorizationServerProvaider(PublicClientId);
        serverOptions.RefreshTokenProvider = new OAuthCustomRefreshTokenProvider();
        // NOTE(review): tickets are issued under the cookie authentication type while the bearer
        // middleware below runs with its default options — presumably the bearer type was intended; confirm.
        serverOptions.AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie;
        OAuthOptions = serverOptions;

        app.UseOAuthAuthorizationServer(OAuthOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}