我是新來打開ID,Identity Server和構建API, 我已經成立了一個身份Server 3和API和客戶端,我的服務器就可以訪問令牌客戶端它可以調用服務器API 啓動時使用的是爲什麼[路徑]身份的服務器進行授權工作3
public void Configuration (IAppBuilder app)
{
var options = new IdentityServerOptions
{
Factory = new IdentityServerServiceFactory()
.UseInMemoryClients(Clients.Get())
.UseInMemoryScopes(Scopes.Get())
.UseInMemoryUsers(Users.Get()),
RequireSsl = false
};
app.UseIdentityServer(options);
}
和我的API啓動
public void Configuration(IAppBuilder app)
{
//accept access token from indentityserver and require a scope of api1
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
Authority = "http://localhost:62172/",
ValidationMode = ValidationMode.ValidationEndpoint,
RequiredScopes = new[] { "api1" }
});
//config web api
var config = new HttpConfiguration();
config.MapHttpAttributeRoutes();
// require authentication for all controllers
config.Filters.Add(new AuthorizeAttribute());
app.UseWebApi(config);
}
我的問題是,爲什麼當我使用
[Route("api/Search")]
它的工作如使用[授權]
[Route("api/Search")]
public async Task<IHttpActionResult> Companies(SearchRequest searchRequest)
{
}
爲什麼上述像工作吹塑代碼:
[Authorize]
public async Task<IHttpActionResult> Companies(SearchRequest searchRequest)
{}
更多信息
在我的控制器這是方法,我正在打電話,我試圖強制用戶授權
public async Task<IHttpActionResult> Companies(SearchRequest searchRequest)
{
var caller = User as ClaimsPrincipal;
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
HttpResponseMessage response = new HttpResponseMessage();
Framework.BusinessLogicFactory factory = new Framework.BusinessLogicFactory();
BusinessLogic.Search search = factory.CreateSearch();
}
但是,如果我沒有[授權]或[路線(「API/Sreach」)在控制器屬性,以API的調用會得到結果返回, 這是怎麼我測試我的API
string APiURL = "http://localhost:59791/api/Search";
var responses = GetClientToken();
var clinet = new HttpClient();
var value = new Dictionary<string, string>()
{
{ "CompanyNumber", " " },
{ "CompanyName", "test" },
{ "Address1", " " },
{ "Address2", " " },
{ "Address3", " " },
{ "PostCode", " " },
{ "CountryCode", " " },
};
var content = new FormUrlEncodedContent(value);
var response = await clinet.PostAsync(APiURL, content);
var t = response.StatusCode;
可以有一個人請告訴我爲什麼我的問題得到了記下? –