从 WPF 客户端访问安全的 Web API

Question

我有一个为 CORS 配置的 Web API 项目，并在其中一个 APIController 上实现 [Authorize]。当我删除 [Authorize] 时，我可以从 WPF 客户端访问 API，但是当它到位时，调用似乎丢失了。这是我为请求令牌而设置的。

在WPF代码后面

    internal void RefreshRecentFilesList()
    {
        //Get the token
        var token = GetAPIToken(email, password, "http://localhost:50006").Result;
        MessageBox.Show(token);
    }

    private static async Task<string> GetAPIToken(string userName, string password, string apiBaseUri)
    {
        using (var client = new HttpClient())
        {
            //setup client
            client.BaseAddress = new Uri(apiBaseUri);
            client.DefaultRequestHeaders.Accept.Clear();
            client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
            //client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", Token.AccessToken);

            //setup login data
            var formContent = new FormUrlEncodedContent(new[]
             {
             new KeyValuePair<string, string>("grant_type", "password"), 
             new KeyValuePair<string, string>("username", userName), 
             new KeyValuePair<string, string>("password", password), 
             });

            //send request
            HttpResponseMessage responseMessage = await client.PostAsync("/Token", formContent);

            //get access token from response body
            var responseJson = await responseMessage.Content.ReadAsStringAsync();
            var jObject = JObject.Parse(responseJson);
            return jObject.GetValue("access_token").ToString();
        }
    }

在 Web API 项目中 WebAPIConfig.cs

        //Enable CORS
        var cors = new EnableCorsAttribute("*", "*", "GET");
        config.EnableCors(cors);

在 API 控制器中

    [HttpGet]
    //[Authorize]
    public List<FileInfo> GetFileTypes()
    {
        List<FileInfo> fileInfos = new List<FileInfo>();
        ...

在 StartAuth.cs 中

public void ConfigureAuth(IAppBuilder app)
    {
        // Configure the db context and user manager to use a single instance per request
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

        // Enable the application to use a cookie to store information for the signed in user
        // and to use a cookie to temporarily store information about a user logging in with a third party login provider
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure the application for OAuth based flow
        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            // In production mode set AllowInsecureHttp = false
            AllowInsecureHttp = true
        };

        // Enable the application to use bearer tokens to authenticate users
        app.UseOAuthBearerTokens(OAuthOptions);

当我运行 WPF 并逐步执行代码时，它会到达发送请求行，然后就挂起。

谁能指点我正确的方向？

非常感谢

Answer 1

我认为你的问题的主要候选人是这一行：

var token = GetAPIToken(email, password, "http://localhost:50006").Result;

您正在调用async 方法，然后您正在同步等待其结果：这将导致死锁。永远不要那样做。

相反，将您的方法（以及整个调用堆栈）异步化。如果您在 WPF 中，您几乎可以肯定会从某种事件处理程序回调中调用此方法。这些回调支持async（即使它们必须返回void）。

将您的代码更改为与此类似的代码，然后重试（假设Form_Load 是事件处理程序回调）：

private async void Form_Load(object sender, EventArgs e)
{
    await RefreshRecentFilesList();
}

internal async Task RefreshRecentFilesList()
{
    //Get the token
    var token = await GetAPIToken(email, password, "http://localhost:50006");
    MessageBox.Show(token);
}

参考资料：
Why does this async action hang?
How to call asynchronous method from synchronous method in C#?

Answer 2

Federico Dipuma 解决方案的补充是使用构造函数调用 Form_Load

this.Loaded += new RoutedEventHandler(Form_Load);