【发布时间】:2016-07-01 13:59:11
【问题描述】:
我有一个项目,我将 MVC5 与 WebAPI 结合使用。身份验证使用 Owin。我想设置 Ninject 依赖解析器。我尝试了 MVC5 的灵魂,使用 Owin 的 MVC5,使用 Owin 的 WebApi 的 WebAPI。但我不能把它们结合起来。有人有 MVC5+WebApi+Owin+Ninject 捆绑包的步骤吗?
我在这里遵循的最后一个使其适用于 WebApi 的解决方案之一: https://github.com/ninject/Ninject.Web.Common/wiki/Setting-up-a-OWIN-WebApi-application
我添加了最新的 NuGet 包。 我的创业班:
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
var webApiConfiguration = new HttpConfiguration();
WebApiConfig.Register(webApiConfiguration);
app.UseNinjectMiddleware(CreateKernel).UseNinjectWebApi(webApiConfiguration);
ConfigureAuth(app);
}
private static StandardKernel CreateKernel()
{
var kernel = new StandardKernel();
kernel.Load(Assembly.GetExecutingAssembly());
return kernel;
}
}
WebApiConfig。我没有添加任何路由配置。在 Global.asax 中添加:
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
var webApiConfiguration = new HttpConfiguration();
app.UseNinjectMiddleware(CreateKernel).UseNinjectWebApi(webApiConfiguration);
ConfigureAuth(app);
}
private static StandardKernel CreateKernel()
{
var kernel = new StandardKernel();
kernel.Load(Assembly.GetExecutingAssembly());
return kernel;
}
}
带有路由的 WebApi(并在 Global.asax 中删除了路由注册)它也不起作用。在对任何 WebApi 的每个请求中,我都有 "{"Message":"Authorization has been denied for this request."}":
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
var webApiConfiguration = new HttpConfiguration();
// Web API configuration and services
// Configure Web API to use only bearer token authentication.
webApiConfiguration.SuppressDefaultHostAuthentication();
webApiConfiguration.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
webApiConfiguration.MapHttpAttributeRoutes();
webApiConfiguration.Routes.MapHttpRoute("DefaultApi", "api/{controller}/{action}/{id}", new { id = RouteParameter.Optional });
app.UseNinjectMiddleware(CreateKernel).UseNinjectWebApi(webApiConfiguration);
ConfigureAuth(app);
}
private static StandardKernel CreateKernel()
{
var kernel = new StandardKernel();
kernel.Load(Assembly.GetExecutingAssembly());
return kernel;
}
}
配置OAuth。我正在使用两种身份验证,一种基于 cookie,另一种基于 Tokne。一种适用于 WebApi,另一种适用于 MVC:
public void ConfigureAuth(IAppBuilder app)
{
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Login"),
Provider = new CookieAuthenticationProvider
{
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<UserManager, User>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager,DefaultAuthenticationTypes.ApplicationCookie))
}
});
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
}
还有我的 API 控制器。
[Authorize(Roles = "Admin")]
public class AdminPanelController : ApiController
{
private readonly IAdminPanelService _service;
public AdminPanelController(IAdminPanelService service)
{
_service = service;
}
}
我总是有一个例外,即 AdminPanelController 应该是无参数的。如果我向 WebApiConfig 添加任何路由,我将对 AdminPanelController 有相同的异常并且未授权给其他(尽管 Bearer Token 生成并传递给 WebApi 控制器)
【问题讨论】:
-
我有这个设置,它确实有效。当你说你不能将它们结合起来时,哪个部分不起作用?到目前为止你有什么?
-
@ngm。我更新了我的消息。能否请您审核一下。
标签: asp.net asp.net-web-api ninject owin asp.net-mvc-5