4

我怎样才能拒绝一个身份?我的类继承自 OAuthBearerAuthenticationProvider 并且我覆盖了 ValidateIdentity?

我试过设置 context.Rejected(); 或 context.SetError(); 并抛出异常,但我的控制器仍然被调用。OAuthBearerAuthenticationHandler 确实调用了我的类,所以我知道我的设置正确。

我当前失败的代码

        public void ConfigureAuth ( IAppBuilder app )
        {
            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enable the application to use bearer tokens to authenticate users
            app.UseOAuthBearerAuthentication ( new OAuthBearerAuthenticationOptions ()
            {
                Provider = new OAuthBearerAuthenticationProvider ()
                {
                    OnValidateIdentity = async ctx => { ctx.Rejected (); }
                }
            } );
            app.UseOAuthBearerTokens(OAuthOptions);
}
4

1 回答 1

3

我无法重现这个问题。你能检查你的 OnValidateIdentity 实现是否相同?

        OAuthBearerOptions = new OAuthBearerAuthenticationOptions()
        {
            Provider = new OAuthBearerAuthenticationProvider
            {
                OnValidateIdentity = async ctx =>
                    {
                        ctx.Rejected();
                    }
            }
        };
于 2013-10-24T17:02:23.277 回答