我怎样才能拒绝一个身份?我的类继承自 OAuthBearerAuthenticationProvider 并且我覆盖了 ValidateIdentity?
我试过设置 context.Rejected(); 或 context.SetError(); 并抛出异常,但我的控制器仍然被调用。OAuthBearerAuthenticationHandler 确实调用了我的类,所以我知道我的设置正确。
我当前失败的代码
public void ConfigureAuth ( IAppBuilder app )
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerAuthentication ( new OAuthBearerAuthenticationOptions ()
{
Provider = new OAuthBearerAuthenticationProvider ()
{
OnValidateIdentity = async ctx => { ctx.Rejected (); }
}
} );
app.UseOAuthBearerTokens(OAuthOptions);
}