Owin 身份令牌认证令牌端点以 404 响应
Posted
技术标签:
【中文标题】Owin 身份令牌认证令牌端点以 404 响应【英文标题】:Owin identity token authentication token endpoint responds with 404 【发布时间】:2017-10-28 08:35:42 【问题描述】:我一直在尝试使用 OWIN 和 asp.net 身份和实体框架向我的应用程序添加基于令牌的授权。但是,当我尝试通过令牌端点路径获取令牌时,我得到 404 响应。我的 OWIN 启动课:
[assembly: OwinStartup(typeof(Web.Startup))]
namespace Web
public class Startup
public void Configuration(IAppBuilder app)
ConfigureOAuth(app);
public void ConfigureOAuth(IAppBuilder app)
Console.WriteLine("owin");
app.CreatePerOwinContext<OwinAuthDbContext>(() => new OwinAuthDbContext());
app.CreatePerOwinContext<UserManager<IdentityUser>>(CreateManager);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
var provider = new MyAuthorizationServerProvider();
OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions
AllowInsecureHttp = false, //have also tried with true here
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = provider
;
app.UseOAuthAuthorizationServer(option);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
private static UserManager<IdentityUser> CreateManager(IdentityFactoryOptions<UserManager<IdentityUser>> options, IOwinContext context)
var userStore = new UserStore<IdentityUser>(context.Get<OwinAuthDbContext>());
var owinManager = new UserManager<IdentityUser>(userStore);
return owinManager;
如您所见,令牌应该在“/token”下可用,但是当我调用https://localhost:44373/token 时,无论我为用户名、密码和令牌类型添加标题,我都会得到 404。我的 OAuthAuthorizationServerProvider 类:
public class MyAuthorizationServerProvider : OAuthAuthorizationServerProvider
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
string clientId;
string clientSecret;
if (context.TryGetBasicCredentials(out clientId, out clientSecret))
// validate the client Id and secret against database or from configuration file.
context.Validated();
else
context.SetError("invalid_client", "Client credentials could not be retrieved from the Authorization header");
context.Rejected();
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
UserManager<IdentityUser> userManager = context.OwinContext.GetUserManager<UserManager<IdentityUser>>();
IdentityUser user;
try
user = await userManager.FindAsync(context.UserName, context.Password);
catch
// Could not retrieve the user due to error.
context.SetError("server_error");
context.Rejected();
return;
if (user != null)
ClaimsIdentity identity = await userManager.CreateIdentityAsync(
user,
DefaultAuthenticationTypes.ExternalBearer);
context.Validated(identity);
else
context.SetError("invalid_grant", "Invalid User Id or password'");
context.Rejected();
希望你能帮忙。
编辑:
web.config 依赖程序集:
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" culture="neutral" publicKeyToken="30ad4fe6b2a6aeed" />
<bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="0.0.0.0-1.6.5135.21930" newVersion="1.6.5135.21930" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Autofac" publicKeyToken="17863af14b0044da" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.5.0.0" newVersion="4.5.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.5.0.2" newVersion="3.5.0.2" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Cors" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.2.3.0" newVersion="5.2.3.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin.Security" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
</dependentAssembly>
【问题讨论】:
你能确认加载时配置确实被命中了吗?检查是否引用了 NuGet 包 Microsoft.Owin.Host.SystemWeb。 引用了 Microsoft.Owin.Host.SystemWeb 包,在 owin 启动类中设置断点时不会命中。我认为整个启动类都没有被执行,但我不确定,我不知道为什么。 为确保启动仅在第一次调用时触发,而不是在您开始调试时触发。检查您的 web.config 以查看是否设置了所有相关程序集,例如 Microsoft.Owin、Microsoft.Owin.Security 等。您是否使用了正确的端口? http 和 https 是不同的端口。 查看相关组件的编辑,我认为这应该都是正确的。我在 web 项目的属性中使用了正确的端口集,项目的其余部分工作正常,它加载了我的 index.cshtml 并且我所有的 api 调用工作正常。 您是否在调试、IIS、IIS Express 中运行? 【参考方案1】:请确保您也传递了 grant_type : password 并使用 POST 发送到http://localhost:XXXXX/token
用户名:userXX 密码:XXXX grant_type : 密码ps:我看到您在配置函数中缺少app.UseWebApi(config);?请确保在ConfigureOAuth(app);之后调用它
例子:
public void Configuration(IAppBuilder app)
HttpConfiguration config = new HttpConfiguration();
ConfigureOAuth(app);
WebApiConfig.Register(config);
app.UseWebApi(config);
【讨论】:
我一直在发送这些值,但这不是问题所在,发送没有授权类型的请求应该返回:无效授权类型。然而,我得到的只是 404 未找到。我还添加了app.UseWebApi(config);,但它并没有改变任何东西【参考方案2】:
请试试这个方法:
public void Configuration(IAppBuilder app)
var config = new HttpConfiguration();
ConfigureOAuth(app);
WebApiConfig.Register(config);
app.UseWebApi(config);
private void ConfigureOAuth(IAppBuilder app)
OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/oauth/Token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = new AuthorizationServerProvider()
;
//Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
AuthorizationServerProvider.cs
public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
context.Validated();
return base.ValidateClientAuthentication(context);
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
//Add parameters to token
ClaimsIdentity oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
context.Validated(oAuthIdentity);
return base.GrantResourceOwnerCredentials(context);
【讨论】:
【参考方案3】:您的启动类无法访问,请尝试将 Web.config 中 AutomaticAppStartup 的值更改为 true,如下所示:
<configuration>
<appSettings>
.
.
<add key="owin:AutomaticAppStartup" value="true" />
<appSettings>
.
.
<configuration>
【讨论】:
以上是关于Owin 身份令牌认证令牌端点以 404 响应的主要内容,如果未能解决你的问题,请参考以下文章