
我一直在嘗試使用 OWIN、ASP.NET Identity 和 Entity Framework 爲我的應用程序添加基於令牌的身份驗證。但是,當我嘗試通過令牌端點路徑獲取令牌時,得到的是 404 響應。(標題:OWIN Identity 令牌身份驗證的令牌端點響應 404)我的 OWIN 啓動類:

[assembly: OwinStartup(typeof(Web.Startup))] 

namespace Web 
{ 
    /// <summary>
    /// OWIN startup class (referenced by the OwinStartup assembly attribute). Registers the
    /// per-request Identity objects, CORS, the OAuth token endpoint and bearer authentication.
    /// </summary>
    public class Startup 
    { 
     /// <summary>
     /// Entry point invoked by the OWIN host; it only delegates to <see cref="ConfigureOAuth"/>.
     /// </summary>
     /// <param name="app">The OWIN application builder the middleware is added to.</param>
     public void Configuration(IAppBuilder app) 
     { 
      ConfigureOAuth(app); 
     } 

     /// <summary>
     /// Adds the Identity factories, CORS, the OAuth authorization server (token endpoint at
     /// "/token") and bearer-token authentication to the pipeline, in that order.
     /// </summary>
     /// <param name="app">The OWIN application builder the middleware is added to.</param>
     public void ConfigureOAuth(IAppBuilder app) 
     { 
      // Debug marker only. NOTE(review): console output is usually not visible when hosted
      // in IIS/IIS Express, so a breakpoint or trace is a more reliable sign that Startup ran.
      Console.WriteLine("owin"); 
      // One DbContext and one UserManager per OWIN request; the provider later fetches the
      // manager through context.OwinContext.GetUserManager<...>().
      app.CreatePerOwinContext<OwinAuthDbContext>(() => new OwinAuthDbContext()); 
      app.CreatePerOwinContext<UserManager<IdentityUser>>(CreateManager); 
      // NOTE(review): AllowAll accepts cross-origin requests from every origin, including
      // requests to the token endpoint. Acceptable while debugging; for a deployed API
      // restrict the policy to the origins that are actually expected to call it.
      app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll); 

      var provider = new MyAuthorizationServerProvider(); 
      OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions 
      { 
       // false keeps the token endpoint HTTPS-only. The endpoint receives the user's name
       // and password in the request body, so this should stay false outside local tests.
       // With false, a plain-http request to /token is not handled by this middleware and
       // falls through to the rest of the pipeline.
       AllowInsecureHttp = false, //have also tried with true here 
       TokenEndpointPath = new PathString("/token"), 
       // NOTE(review): an access token stays valid for a full day. Nothing in this snippet
       // configures refresh tokens or revocation, so a leaked bearer token remains usable
       // until it expires; a shorter lifetime limits that window.
       AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), 
       Provider = provider 
      }; 
      // Issues tokens at TokenEndpointPath.
      app.UseOAuthAuthorizationServer(option); 
      // Validates "Authorization: Bearer ..." headers on incoming requests (default options).
      app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); 

      // NOTE(review): this HttpConfiguration is created and passed to WebApiConfig.Register,
      // but it is never handed to app.UseWebApi(...) in this method, so Web API is not added
      // to the OWIN pipeline here (it may still be hosted elsewhere, e.g. Global.asax — confirm).
      HttpConfiguration config = new HttpConfiguration(); 
      WebApiConfig.Register(config); 
     } 

     /// <summary>
     /// Factory for the per-request UserManager: wraps the request's OwinAuthDbContext in a
     /// UserStore and returns a UserManager over it.
     /// </summary>
     /// <param name="options">Identity factory options; not used by this method.</param>
     /// <param name="context">Current OWIN context, used to fetch the per-request DbContext.</param>
     /// <returns>A new UserManager bound to the per-request user store.</returns>
     private static UserManager<IdentityUser> CreateManager(IdentityFactoryOptions<UserManager<IdentityUser>> options, IOwinContext context) 
     { 
      var userStore = new UserStore<IdentityUser>(context.Get<OwinAuthDbContext>()); 
      // NOTE(review): no password validator or lockout settings are configured on the
      // manager here, so whatever the library defaults are apply — confirm they are adequate.
      var owinManager = new UserManager<IdentityUser>(userStore); 
      return owinManager; 
     } 
    } 
} 

正如你所看到的,令牌端點路徑應該是「/token」,但是當我呼叫 https://localhost:44373/token 時,無論是否加上 username、password 和 token_type 標頭,我都會收到 404。我的 OAuthAuthorizationServerProvider 類:

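/// <summary>
/// OAuth authorization-server callbacks for the token endpoint: client validation and the
/// resource-owner password grant, backed by the per-request ASP.NET Identity UserManager.
/// </summary>
public class MyAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    /// <summary>
    /// Accepts the calling client when Basic credentials can be read from the Authorization
    /// header and rejects the request with "invalid_client" otherwise.
    /// </summary>
    /// <param name="context">Client-authentication context supplied by the OAuth middleware.</param>
    /// <returns>A completed task; the method does no asynchronous work.</returns>
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId;
        string clientSecret;

        if (context.TryGetBasicCredentials(out clientId, out clientSecret))
        {
            // NOTE(review): clientId and clientSecret are read but never compared with
            // anything, so ANY Basic header is accepted as a valid client. Before relying on
            // client authentication, look the client up (database or configuration) and
            // compare the secret in constant time; reject with "invalid_client" on mismatch.
            context.Validated();
        }
        else
        {
            context.SetError("invalid_client", "Client credentials could not be retrieved from the Authorization header");
            context.Rejected();
        }

        // The original was marked async without awaiting anything; return a completed task instead.
        return Task.FromResult<object>(null);
    }

    /// <summary>
    /// Handles grant_type=password: looks the user up by name and password and, on success,
    /// issues an identity for the access token.
    /// </summary>
    /// <param name="context">Grant context carrying the submitted user name and password.</param>
    /// <returns>A task that completes once the context has been validated or rejected.</returns>
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        UserManager<IdentityUser> userManager = context.OwinContext.GetUserManager<UserManager<IdentityUser>>();
        if (userManager == null)
        {
            // No manager registered for this request (e.g. the per-OWIN-context factory was
            // never set up): fail closed with a generic error rather than a null dereference.
            context.SetError("server_error");
            context.Rejected();
            return;
        }

        IdentityUser user;
        try
        {
            user = await userManager.FindAsync(context.UserName, context.Password);
        }
        catch (System.Exception ex)
        {
            // Keep the failure detail on the server; the caller only sees "server_error".
            // The submitted password is deliberately not part of the trace message.
            System.Diagnostics.Trace.TraceError("Token endpoint: user lookup failed: {0}", ex);
            context.SetError("server_error");
            context.Rejected();
            return;
        }

        if (user == null)
        {
            // One message for "unknown user" and "wrong password", so the response does not
            // reveal which accounts exist.
            // NOTE(review): nothing in this method throttles or locks out repeated failed
            // attempts; consider counting failures per account before deploying.
            context.SetError("invalid_grant", "Invalid User Id or password");
            context.Rejected();
            return;
        }

        ClaimsIdentity identity = await userManager.CreateIdentityAsync(
            user,
            DefaultAuthenticationTypes.ExternalBearer);
        context.Validated(identity);
    }
}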

我希望你能幫忙。

編輯:

web.config 中的 dependentAssembly 設定:

<dependentAssembly> 
     <assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" /> 
     <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" /> 
     <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" /> 
     <bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" /> 
     <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" /> 
     <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> 
     <bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="Autofac" publicKeyToken="17863af14b0044da" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-4.5.0.0" newVersion="4.5.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="System.Web.Cors" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" /> 
     </dependentAssembly> 
     <dependentAssembly> 
     <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" /> 
     <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" /> 
     </dependentAssembly> 

你能否確認 Configuration 方法在載入時確實被執行到?請檢查是否引用了 NuGet 包 Microsoft.Owin.Host.SystemWeb。 –


Microsoft.Owin.Host.SystemWeb 程序包已被引用,但在 OWIN 啓動類中設置斷點時,斷點不會被觸發。我認爲整個啓動類都沒有被執行,但我不確定,也不知道爲什麼。 –


需要說明的是,啓動類只在第一次請求時被觸發,而不是在開始調試時觸發。請檢查你的 web.config,看是否設置了所有 dependentAssembly,如 Microsoft.Owin、Microsoft.Owin.Security 等。另外,你是否使用了正確的端口?http 和 https 使用不同的端口。 –

回答


請確保在請求正文中也傳入 grant_type: password,並使用 POST 發送到 http://localhost:XXXXX/token

  • username:userXX
  • password:XXXX
  • grant_type:password

PS:我看到你的 Configuration 方法中缺少 app.UseWebApi(config);?請確保它位於 ConfigureOAuth(app); 之後。

示例:

/// <summary>
/// OWIN entry point: registers the OAuth middleware first, then configures Web API and
/// adds it to the same pipeline.
/// </summary>
/// <param name="app">The OWIN application builder the middleware is added to.</param>
public void Configuration(IAppBuilder app) 
     { 
      HttpConfiguration config = new HttpConfiguration(); 
      // Authentication middleware goes in before Web API, so the token endpoint and
      // bearer-token validation run before a request reaches any controller.
      ConfigureOAuth(app);  
      WebApiConfig.Register(config); 
      // Without this call the HttpConfiguration is never attached to the OWIN pipeline.
      // NOTE(review): ConfigureOAuth as posted in the question also creates and registers
      // its own HttpConfiguration; with this version that inner copy looks redundant.
      app.UseWebApi(config); 
     } 

我一直都有發送這些值,但問題不在這裏:發送沒有 grant_type 的請求應該返回「invalid grant_type」,然而我得到的始終是 404 Not Found。我還添加了 `app.UseWebApi(config);`,但沒有任何改變。 –