【发布时间】:2015-01-13 19:02:23
【问题描述】:
我有一个混合的 MVC 5 和 Web Api 2 应用程序。 用户获得不记名令牌进行身份验证。
在localhost:123456 和somedomain.com 上,它按预期运行。
但是当我将它部署到相同的 VPS/IIS 并在像app.someotherdomain.com 这样的子域上运行它时,突然所有具有[Authorize] 属性的控制器都会给出“授权已被拒绝这个请求。”
我已经阅读了很多建议,因此我还尝试添加一个默认的 Claims 角色以查看效果,但仍然是同样的错误。
Startup.Auth.cs
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and role manager to use a single instance per request
app.CreatePerOwinContext(AppDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
var OAuthServerOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider()
};
app.UseOAuthBearerTokens(OAuthServerOptions);
}
WebApiConfig.cs
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
// add global authorization filter
config.Filters.Add(new ClaimsAuthorizeAttribute());
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
}
}
SimpleAuthorizationServerProvider.cs
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>();
string userId;
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
using (AuthRepository _repo = new AuthRepository())
{
IdentityUser user = await _repo.FindUser(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
userId = user.Id;
}
ClaimsIdentity identity = new ClaimsIdentity(context.Options.AuthenticationType);
var roles = userManager.GetRoles(userId);
identity.AddClaim(new Claim(ClaimTypes.Role, "User"));
foreach (var role in roles)
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userId));
context.Validated(identity);
}
}
Startup.cs
public partial class Startup
{
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
#region Methods
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
app.UseCors(CorsOptions.AllowAll);
app.UseWebApi(config);
}
#endregion Methods
}
Global.asax.cs
public class MvcApplication : HttpApplication
{
#region Methods
public IUnityContainer Container;
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
GlobalConfiguration.Configure(WebApiConfig.Register);
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
AutoMapperBootstrapper.Initialize();
Mapper.AssertConfigurationIsValid();
}
}
【问题讨论】:
标签: asp.net-mvc asp.net-web-api2 owin access-token access-denied