无法确定OWIN是否正在拦截客户端对api的请求 [英] Can't figure out if OWIN is intercepting requests to api from client

问题描述

我有一个使用OWIN中间件进行JWT身份验证的Asp.net webapi. 我的资源服务器和授权服务器相同.我能够从令牌端点获取令牌. ValidateClientAuthentication和GrantResourceOwnerCredentials方法成功命中. 但是，当我尝试访问受保护的(带有[Authorize]的api)(授权标头设置为不记名令牌)时，我只会收到此请求的授权已被拒绝".

I have an Asp.net webapi with JWT authentication using OWIN middle ware. My resource server and the authorization server are same. I am able to get the token from the token endpoint. ValidateClientAuthentication and GrantResourceOwnerCredentials methods are hit successfully. However when I try to access a protected(with [Authorize]) api (with authorization header set to bearer token) I only get "Authorization has been denied for this request".

我已经重写ValidateAuthorizeRequest方法，只是为了查看通过邮递员进行api调用时是否被击中.但是它从未被击中.

I have overridden ValidateAuthorizeRequest method just to see if it gets hit when the api call is made via Postman. However it is never hit.

我试图找出一种方法来查看OWIN是否正在拦截对api的调用，而不是对令牌终结点的调用.

I am trying to figure out a way to see if at all OWIN is intercepting calls to the api other than the calls to the token endpoint.

有什么方法或方法可以覆盖，以便我可以调试并查看请求在管道中的何处被拒绝以及为什么.

Is there any way or methods to override so that I can debug and see where in the pipeline the request is being rejected and why.

到目前为止，我是通过邮递员拨打电话并得到未经授权的回复.

As of now I make the call via Postman and get an unauthorized response.

任何帮助将不胜感激.

推荐答案

如果不看所做的事情就很难回答. 我想知道您是否正确地进行了接线.在启动类中，您可以定义提供程序和令牌格式，然后将应用程序设置为使用这些设置.这是一个示例:

this is difficult to answer without seeing what you've done. I am wondering if you have wired things up correctly. Startup class is where you define your Provider and Token format and then you set your application to use those settings. Here is an example:

public class Startup

    {    
        public void Configuration(IAppBuilder app)    
        {    
            var config = new HttpConfiguration();    
            config.MapHttpAttributeRoutes();    
            ConfigureOAuth(app);    
            app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);    
            app.UseWebApi(config);    
        }        

        public void ConfigureOAuth(IAppBuilder app)    
        {    
            int accessTokenExpiresInSeconds = ConfigurationHelper.GetAppSetting("AccessTokenExpirationInSeconds").ToInt();            
            var oAuthServerOptions = new OAuthAuthorizationServerOptions

            {    
                AllowInsecureHttp = true,

                TokenEndpointPath = new PathString(ConfigurationHelper.GetAppSetting("TokenEndPoint")),

                AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(accessTokenExpiresInSeconds),

                Provider = new CustomOAuthProvider(),

                AccessTokenFormat = new CustomJwtFormat(ConfigurationHelper.GetAppSetting("TokenIssuer"))    
            };        

            app.UseOAuthAuthorizationServer(oAuthServerOptions);    
        }    
    }

如果这不是问题，那么您可以在OAuth2和JWT上使用我自己的文章，我有一个完整的示例说明如何设置所有内容，并且代码在GitHub上.希望它会指引您正确的方向:

If that's not the issue then you can use my own article on OAuth2 and JWT, I've got a full example on how to set everything up and the code is on GitHub. Hopefully it will guide you in the right direction:

https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/

这篇关于无法确定OWIN是否正在拦截客户端对api的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！