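Authentication cookie not validated when using the [Authorize] attribute

I need help configuring my ASP.NET application with cookie authentication. This is what my configuration looks like: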

    public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(ApplicationDbContext.Create);
        app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
        app.UseCookieAuthentication(new CookieAuthenticationOptions()
        {
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
            CookieSecure = CookieSecureOption.SameAsRequest,
        });
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
        PublicClientId = "self";
        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            AllowInsecureHttp = true
        };
        app.UseOAuthBearerTokens(OAuthOptions);
    }

The route for my login API is:

    [Route("Login")]
    [HttpPost]
    [AllowAnonymous]
    public IHttpActionResult Login(RegisterBindingModel model)
    {
        var user = UserManager.Find(model.Username, model.Password);
        if (user != null)
        {
            Authentication.SignOut();
            var identity = UserManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
            identity.AddClaim(new Claim(ClaimTypes.Role, "IsAdmin"));
            Authentication.SignIn(new AuthenticationProperties() { IsPersistent = true }, identity);
            return Ok("Success");
        }
        return Ok();
    }

Calling Login returns a cookie named .AspNet.ApplicationCookie, but when I call the Logout action:

    [Route("Logout")]
    [HttpPost]
    public IHttpActionResult Logout()
    {
        Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
        return Ok();
    }

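I get the following error: Authorization has been denied for this request.

What am I doing wrong?

Note: I have decorated the controller with the [Authorize] attribute.

Do you have 2 different projects, MVC and WebAPI? In that case check my answer here - http://stackoverflow.com/questions/38424518/use-web-api-cookie-for-mvc-cookie/38428420#38428420 . By the way, is your problem only with Logout, or with all controllers decorated with the [Authorize] attribute? –

Your comment made me look at my Web API configuration settings, and I just realized it was configured to allow only bearer tokens. I removed the call to SuppressDefaultHostAuthentication and now everything works. Thanks for pointing me in the right direction. – Draco

Oh yes, the default template always has that. Glad you figured it out. –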
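
The setting the comments refer to, as an added example that is not code from the original thread: it assumes the asker's `WebApiConfig` matched the default Web API template, which the thread does not show. Instead of removing `SuppressDefaultHostAuthentication` (the fix Draco describes), this variant keeps it and registers the cookie scheme explicitly, so Web API accepts only the authentication types that are listed.

```csharp
using System.Web.Http;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security.OAuth;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Default template behaviour: discard any identity the host has
        // already established (including the one the OWIN cookie middleware
        // builds from .AspNet.ApplicationCookie) before Web API runs.
        config.SuppressDefaultHostAuthentication();

        // Default template behaviour: re-authenticate Web API requests with
        // bearer tokens only. With just this filter, a request carrying a
        // valid application cookie but no bearer token has no identity, so
        // [Authorize] answers "Authorization has been denied for this request."
        config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

        // Added line: also authenticate with the application cookie. The type
        // must match the AuthenticationType passed to UseCookieAuthentication
        // (DefaultAuthenticationTypes.ApplicationCookie in the question).
        config.Filters.Add(new HostAuthenticationFilter(DefaultAuthenticationTypes.ApplicationCookie));

        config.MapHttpAttributeRoutes();
    }
}
```

Once the cookie authenticates API calls, the browser attaches it automatically, so state-changing actions such as the POST to Logout need anti-forgery validation. With `CookieSecureOption.SameAsRequest` the cookie is also issued without the Secure flag when Login is called over plain HTTP; `CookieSecureOption.Always` restricts it to HTTPS.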