2

我在使用 web api 2 时遇到问题。

我正在使用 vs2015 并在 asp.net mvc 单页模板上开发了我的项目,该模板使用敲除和 sammy 通过owin中间件获取/授权身份。

当我通过默认单页 app.js 请求访问令牌时,效果很好,但如果我尝试通过邮递员 ( grant_type=password&username=admin@mail.com&password=1234) 获取令牌,则会返回invalid_cliend错误。

{
  "error": "invalid_client"
}

提供者:

public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
    {
        private readonly string _publicClientId;

        public ApplicationOAuthProvider(string publicClientId)
        {
            if (publicClientId == null)
            {
                throw new ArgumentNullException("publicClientId");
            }

            _publicClientId = publicClientId;
        }

        public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
        {
            if (context.ClientId == _publicClientId)
            {
                Uri expectedRootUri = new Uri(context.Request.Uri, "/");

                if (expectedRootUri.AbsoluteUri == context.RedirectUri)
                {
                    context.Validated();
                }
                else if (context.ClientId == "web")
                {
                    var expectedUri = new Uri(context.Request.Uri, "/");
                    context.Validated(expectedUri.AbsoluteUri);
                }
            }

            return Task.FromResult<object>(null);
        }

    }

启动.Auth:

static Startup()
        {
            PublicClientId = "web";

            OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                AuthorizeEndpointPath = new PathString("/Account/Authorize"),
                Provider = new ApplicationOAuthProvider(PublicClientId),
                //Provider = new AuthorizationServerProvider(),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
                AllowInsecureHttp = true
            };
        }

        public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }

        public static string PublicClientId { get; private set; }

我需要你的帮助。

4

2 回答 2

1

我认为当您想要使用密码类型的授权(grant_type=password)时,您必须覆盖 ValidateClientAuthentication 而不是 ValidateClientRedirectUri。

public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    //here simply call context.Validated() or add your client id validation logic

}
于 2015-12-24T14:12:24.883 回答
0

其他人的解决方案:

public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
    context.Validated();
}

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // set CORS
    context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

    //validate to get access_token
    if (context.UserName == "admin@mail.com" && context.Password == "1234")
    {
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);


        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));

        context.Validated(identity);
    }
    else
    {
        context.SetError("invalid_grant", "Invalid username or password.");
    }
}
于 2015-12-24T15:55:24.030 回答