.NET Web API 2 OWIN 不记名令牌认证 [英] .NET Web API 2 OWIN Bearer Token Authentication
问题描述
我正在我的 .NET Web 应用程序中实现 Web API 2 服务架构.消费请求的客户端是纯 javascript,没有 mvc/asp.net.我正在使用 OWIN 尝试根据这篇文章启用令牌身份验证 OWIN Bearer Token Authentication with Web API Sample.我似乎在授权后遗漏了身份验证步骤.
I'm implementing a Web API 2 service architecture in my .NET web application. The client consuming the requests is pure javascript, no mvc/asp.net. I'm using OWIN to try to enable token authentication per this article OWIN Bearer Token Authentication with Web API Sample. I seem to be missing something with the authentication step after its authorized.
我的登录看起来像:
[HttpPost]
[AllowAnonymous]
[Route("api/account/login")]
public HttpResponseMessage Login(LoginBindingModel login)
{
// todo: add auth
if (login.UserName == "a@a.com" && login.Password == "a")
{
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, login.UserName));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
return new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new ObjectContent<object>(new
{
UserName = login.UserName,
AccessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket)
}, Configuration.Formatters.JsonFormatter)
};
}
return new HttpResponseMessage(HttpStatusCode.BadRequest);
}
它回来了
{
accessToken: "TsJW9rh1ZgU9CjVWZd_3a855Gmjy6vbkit4yQ8EcBNU1-pSzNA_-_iLuKP3Uw88rSUmjQ7HotkLc78ADh3UHA3o7zd2Ne2PZilG4t3KdldjjO41GEQubG2NsM3ZBHW7uZI8VMDSGEce8rYuqj1XQbZzVv90zjOs4nFngCHHeN3PowR6cDUd8yr3VBLdZnXOYjiiuCF3_XlHGgrxUogkBSQ",
userName: "a@a.com"
}
然后我尝试在 AngularJS 中的进一步请求上设置 HTTP 标头 Bearer
,例如:
Then I try to set the HTTP header Bearer
on further requests in AngularJS like:
$http.defaults.headers.common.Bearer = response.accessToken;
到像这样的 API:
[HttpGet]
[Route("api/account/profile")]
[Authorize]
public HttpResponseMessage Profile()
{
return new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new ObjectContent<object>(new
{
UserName = User.Identity.Name
}, Configuration.Formatters.JsonFormatter)
};
}
但无论我做什么,这项服务都是未经授权的".我在这里遗漏了什么吗?
but no matter what I do this service is 'unauthorized'. Am I missing something here?
推荐答案
通过设置 header 'Authorization' with Bearer + token 解决,例如:
Resolved by setting header 'Authorization' with Bearer + token like:
$http.defaults.headers.common["Authorization"] = 'Bearer ' + token.accessToken;
这篇关于.NET Web API 2 OWIN 不记名令牌认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!