Owin身份令牌身份验证令牌端点响应404
问题描述:
我一直在尝试使用OWIN和asp.net身份和实体框架将基于令牌的身份验证添加到我的应用程序。但是,当我尝试通过令牌端点路径获取我的令牌时,我得到一个404响应。我OWIN启动类:Owin身份令牌身份验证令牌端点响应404
[assembly: OwinStartup(typeof(Web.Startup))]
namespace Web
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureOAuth(app);
}
public void ConfigureOAuth(IAppBuilder app)
{
Console.WriteLine("owin");
app.CreatePerOwinContext<OwinAuthDbContext>(() => new OwinAuthDbContext());
app.CreatePerOwinContext<UserManager<IdentityUser>>(CreateManager);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
var provider = new MyAuthorizationServerProvider();
OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = false, //have also tried with true here
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = provider
};
app.UseOAuthAuthorizationServer(option);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
}
private static UserManager<IdentityUser> CreateManager(IdentityFactoryOptions<UserManager<IdentityUser>> options, IOwinContext context)
{
var userStore = new UserStore<IdentityUser>(context.Get<OwinAuthDbContext>());
var owinManager = new UserManager<IdentityUser>(userStore);
return owinManager;
}
}
}
正如你所看到的标记应该是名“/令牌”,但是当我打电话https://localhost:44373/token我收到了404不管我增加了对用户名,密码和token_type头。我的OAuthAuthorizationServerProvider类:
public class MyAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
if (context.TryGetBasicCredentials(out clientId, out clientSecret))
{
// validate the client Id and secret against database or from configuration file.
context.Validated();
}
else
{
context.SetError("invalid_client", "Client credentials could not be retrieved from the Authorization header");
context.Rejected();
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
UserManager<IdentityUser> userManager = context.OwinContext.GetUserManager<UserManager<IdentityUser>>();
IdentityUser user;
try
{
user = await userManager.FindAsync(context.UserName, context.Password);
}
catch
{
// Could not retrieve the user due to error.
context.SetError("server_error");
context.Rejected();
return;
}
if (user != null)
{
ClaimsIdentity identity = await userManager.CreateIdentityAsync(
user,
DefaultAuthenticationTypes.ExternalBearer);
context.Validated(identity);
}
else
{
context.SetError("invalid_grant", "Invalid User Id or password'");
context.Rejected();
}
}
}
我希望你能帮忙。
编辑:
的web.config依赖性组装:
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Autofac" publicKeyToken="17863af14b0044da" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.5.0.0" newVersion="4.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Cors" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
</dependentAssembly>
答
请确保您传入grant_type:密码太在你的身体,并使用POST发送到http://localhost:XXXXX/token
- 用户名:userXX
- 密码:XXXX
- grant_type:密码
PS:我看到你缺少你的配置功能的app.UseWebApi(config);
?请确保它是后ConfigureOAuth(app);
实例名为:
public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();
ConfigureOAuth(app);
WebApiConfig.Register(config);
app.UseWebApi(config);
}
+0
我一直在发送这些值,但这不是问题所在,发送没有grant_type的请求应该返回:无效的grant_type。然而,我得到的所有返回404没有找到。我还添加了'app.UseWebApi(config);'但它没有改变任何东西 –
你能否证实的配置,同时加载竟然打?检查是否引用了NuGet包* Microsoft.Owin.Host.SystemWeb *。 –
当在owin启动类中设置断点时,会引用Microsoft.Owin.Host.SystemWeb程序包,但不会触及它。我认为整个启动课没有得到执行,但我不知道,我不知道为什么。 –
为了确保启动只在第一次调用时被触发,而不是在开始调试时触发。检查你的web.config以查看是否设置了所有dependentAssemblies,如Microsoft.Owin,Microsoft.Owin.Security等。并且您是否使用正确的端口? http和https是不同的端口。 –