Error 401 Unauthorized. How to Use the same token for different Urls?


Problem description

In ASP.Net Identity using Oauth2 a token is created once the user is authenticated posting User and Password.

Before making a call to an action from one API, the user must ask for a token:

http://mysite/auth/token

Once the token is received, all Web Api calls can be done, sending the Authorization: Bearer <token> header:

GET http://mysite/auth/product/1
PUT http://mysite/auth/client/42

I have several Web Apis that use a centralised Security System for Authentication, the problem is that I receive Unauthorized (401) when I try to call different Api (with different URL). For example:

GET http://mysite/myapi/product/1

If the Security is centralised and both APIs are using the same Users Database for Authentication, how can I use the same token for different Urls?

Recommended answer

Finally I found the solution adding the same machineKey tag in both Web.config files:

<system.web>
...
<machineKey validationKey="57B449BBA8F9E656087FF7848727E122C5F5966F65AC0FC25FB3532193B59CFCD13B370883FFC184C1F1500638F33E6F67B37CAED1D9BC65BBC6CFFB232BFD0B" decryptionKey="6D9FBE88D16B3FA5B5E6B37460BBE50DA85D5B4C482159006B5A337C58AA9E79" validation="SHA1" decryption="AES" />
...
</system.web>

as is suggested on the accepted answer here (http://stackoverflow.com/questions/20623313/owin-multi-app-bearer-token-authentication) using a machineKey generator.

Documentation

Sharing Authentication Tickets Across Applications
If you need a single logon to work across multiple applications located in separate virtual directories, you need to share a common authentication ticket. To configure a common authentication ticket, you must manually generate validationKey and decryptionKey values and ensure that each application shares these values. If you want to share tickets across all applications on your server you can set these manual values on the <machineKey> element in the machine level Web.config file. To share tickets across specific applications, you can use a <machineKey> element with common validationKey and decryptionKey values in the relevant application's Web.config files.

Update - Security Warning

Security Warning

There are many web sites that will generate a <machineKey> element for you with the click of a button. Never use a <machineKey> element that you obtained from one of these sites. It is impossible to know whether these keys were created securely or if they are being recorded to a secret database. You should only ever use configuration elements that you created yourself.

Read the Appendix A on the link to know how to generate your own machineKey element.
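
The documentation quoted above says to generate the validationKey and decryptionKey values yourself and give every application the same ones. The PowerShell below is an added example, not code from the answer or from the linked appendix; the function names New-MachineKeyElement and Test-MachineKeyMatch and the temporary file paths are assumptions. It builds an element with the same attributes and key lengths as the one in the answer, then checks that two Web.config files carry identical values.

```powershell
# Added example; function names and temp paths are assumptions, not from the answer.
function New-MachineKeyElement {
    # Same key lengths as the element above: 64-byte validationKey and
    # 32-byte decryptionKey (AES-256), drawn from the OS CSPRNG.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $v = New-Object byte[] 64
        $d = New-Object byte[] 32
        $rng.GetBytes($v)
        $rng.GetBytes($d)
    } finally {
        $rng.Dispose()
    }
    $hex = { param([byte[]]$b) -join ($b | ForEach-Object { $_.ToString('X2') }) }
    $vHex = & $hex $v
    $dHex = & $hex $d
    '<machineKey validationKey="{0}" decryptionKey="{1}" validation="SHA1" decryption="AES" />' -f $vHex, $dHex
}

function Test-MachineKeyMatch {
    # True only when every file has a <machineKey> with identical attributes.
    param([Parameter(Mandatory)][string[]]$WebConfigPath)
    $seen = foreach ($path in $WebConfigPath) {
        $xml = [xml](Get-Content -Raw -LiteralPath $path)
        $mk = $xml.configuration.'system.web'.machineKey
        if (-not $mk) { throw "No <machineKey> element in $path" }
        # Hex and algorithm names are compared case-insensitively.
        ('{0}|{1}|{2}|{3}' -f $mk.validationKey, $mk.decryptionKey, $mk.validation, $mk.decryption).ToUpperInvariant()
    }
    @($seen | Select-Object -Unique).Count -eq 1
}

# Constructed demo: two minimal Web.config files sharing one generated element.
$element = New-MachineKeyElement
$dir = Join-Path ([System.IO.Path]::GetTempPath()) ([guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $dir | Out-Null
$paths = foreach ($app in 'auth', 'myapi') {
    $file = Join-Path $dir "$app.Web.config"
    "<configuration><system.web>$element</system.web></configuration>" | Set-Content -LiteralPath $file
    $file
}
Test-MachineKeyMatch -WebConfigPath $paths
Remove-Item -Recurse -Force -LiteralPath $dir
```

Treat the generated element as a secret: anyone who holds these keys can produce tickets that both applications accept.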
