我得到的"授权已被拒绝了这个请求:QUOT。在使用错误信息OWIN OAuth的中间件(带独立验证和资源服务器) [英] I get "Authorization has been denied for this request." error message when using OWIN oAuth middleware (with separate Auth and Resource Server)
问题描述
我试图去耦我的身份验证和资源服务器。我下面这个教程中提供的示例:
I am attempting to decouple my auth and resource server. I am following the example provided in this tutorial:
<一个href=\"http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api/\">http://bitoftech.net/2014/09/24/decouple-owin-authorization-server-resource-server-oauth-2-0-web-api/
这是我的Startup.cs code在我的auth服务器:
This is the code in my Startup.cs in my auth server:
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace AuthServer.Web
{
public class Startup
{
public void Configuration(IAppBuilder app) {
ConfigureOAuth(app);
}
public void ConfigureOAuth(IAppBuilder app)
{
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()
};
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
}
这是在我的资源服务器的startup.cs(即我的示例Web API应用程序):
This is the startup.cs in my resource server (i.e. my sample Web api application):
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
namespace AuthTestApi.Web
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
}
}
}
当我发布如下要求的\\令牌我的认证服务器端点我成功地获得令牌:
When I post the following request to the "\token" endpoint of my auth server I sucessfully receive a token:
{
access_token: "PszrzJUtQUhX42GMryWjZiVHuKiJ9yCVH_1tZURumtC5mTj2tpuRDF3tXcN_VNIYuXY40IG0K7W3KASfJ9DlNIU2jMOkL2U5oEAXLNRRQuNYdEJ7dMPb14nW19JIaM4BMk00xfQ8MFRw0p6-uoh0-e-Q6iAiTwDNN3F7bYMF9qm874qhLWEcOt6dWQgwpdDUVPDi7F07-Ck0zAs48Dg5w4q93vDpFaQMrziJg9aaxN8",
token_type: "bearer",
expires_in: 86399
}
当我发布如下要求我的控制器我收到授权已被拒绝了这个请求的错误信息?
When I post the following request to my controller I receive the "Authorization has been denied for this request" error message?
GET /api/Test HTTP/1.1
Host: localhost:63305
Accept: application/json
Content-Type: application/json
Authorization: Bearer PszrzJUtQUhX42GMryWjZiVHuKiJ9yCVH_1tZURumtC5mTj2tpuRDF3tXcN_VNIYuXY40IG0K7W3KASfJ9DlNIU2jMOkL2U5oEAXLNRRQuNYdEJ7dMPb14nW19JIaM4BMk00xfQ8MFRw0p6-uoh0-e-Q6iAiTwDNN3F7bYMF9qm874qhLWEcOt6dWQgwpdDUVPDi7F07-Ck0zAs48Dg5w4q93vDpFaQMrziJg9aaxN8
Cache-Control: no-cache
Postman-Token: aeca8515-70b1-ef2c-f317-bf66136dccab
我的身份验证服务器和资源/网络API项目正处于不同的解决方案,并在不同端口上运行(......不知道如果该事项,但认为Id提到它)。
My auth server and resource / web api projects are in different solutions and are running on different ports (...not sure if that matters but thought Id mention it).
在这一点上,这些项目2项正在使用OAuth OWIN中间件(并且具有非常小的定制code)。中间件是黑盒有点,只是需要弄清楚为什么我收到此错误信息的一些帮助。
At this point these 2 projects are making use of oAuth OWIN middleware (and has very little custom code). The middleware is blackbox somewhat and just need some assistance in figuring out why I am receiving this error message.
另外请注意,我在那些在在不同的端口上运行不同的VS 2013的解决方案两个Visual Studio的2013 Web应用程序项目中运行的两台服务器。我不知道如果该事项,但想到我会提到它。
先谢谢了。
推荐答案
我面临正好在过去几天同样的问题,虽然我是主持人在同一台机器(不同端口)两个应用程序,但它没有工作没有加法机键都web.config文件中和确保是安装在两个应用程序相同的程序包的版本号
I was facing exactly the same problem in the last couple of days, although I host both application on the same machine (different ports) but it didn't work without adding machine key both web.config files and make sure that the same packages version number installed in both applications
这篇关于我得到的&QUOT;授权已被拒绝了这个请求:QUOT。在使用错误信息OWIN OAuth的中间件(带独立验证和资源服务器)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
