1

我正在使用 asp.net MVC 4.0 并使用DotNetOpenAuth库构建OAuth主机。我正在尝试在OAuthController中实现Authorize方法:

[Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
public ActionResult Authorise()
{
    using (OAuth2AuthorizationServer server = (new OAuth2AuthorizationServer(new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToPfx"], ConfigurationManager.AppSettings["CertificatePassword"]), new X509Certificate2(ConfigurationManager.AppSettings["AbsolutePathToCertificate"]))))
    {
        AuthorizationServer authorizationServer = new AuthorizationServer(server);

        EndUserAuthorizationRequest pendingRequest = authorizationServer.ReadAuthorizationRequest();
        if (pendingRequest == null)
        {
            throw new HttpException((int) HttpStatusCode.BadRequest, "Missing authorization request.");
        }
        //**
    }
}

我得到了pendingRequest == null

我确定应该调用 inIClientDescription GetClient(string clientIdentifier)方法- 但实际上在我的情况下它不会调用。OAuth2AuthorizationServerReadAuthorizationRequest

有没有人有任何猜测为什么会这样?

4

2 回答 2

0

我已经弄清楚了问题。长话短说 - 客户没有正确实施。客户负责包含以下信息:

  • client_id
  • 重定向uri
  • 状态
  • 范围
  • 响应类型

并没有设置所有字段

于 2013-02-21T16:05:09.680 回答
0

如果您正在使用此处描述的代码示例:https ://github.com/DotNetOpenAuth/DotNetOpenAuth/wiki/Security-scenarios

以下是调用 OAuthController Auth() 操作的一些示例值:

- client_id=RP
- response_type=code
- redirect_uri=https://localhost/RP/Secure4ownAuthSvr/OAuth
- scope=http://localhost/demo
- state=""

您的电话将如下所示(使用 Fiddler):

GET
http://localhost/OAuth2/Auth?client_id=RP&response_type=code&redirect_uri=https://localhost/RP/Secure4ownAuthSvr/OAuth&state=&scope=http://localhost/demo

POST
http://localhost/OAuth2/Auth
Content-Type: application/x-www-form-urlencoded; charset=utf-8
client_id=RP&response_type=code&redirect_uri=https://localhost/RP/Secure4ownAuthSvr/OAuth&state=&scope=http://localhost/demo
于 2014-03-31T16:22:10.383 回答