我有一个简单的api控制器,其方法“GetDashboard”包含一个Authorize属性,如此...
[RoutePrefix("api/Dashboard")]
public class DashboardController : ApiController
{
[HttpGet]
[Authorize]
[Route("GetDashboard")]
public HttpResponseMessage GetDashboard()
{
//Do stuff...
}
}
我正在使用Owin管道和承载令牌进行api授权,在我的Owin配置中,我创建了两个授权提供程序,使用app.Map()功能选择正确的机制来授权用户,具体取决于你的api入口点所以...
app.Map("/RouteOne", app1 =>
{
appAteb.UseCookieAuthentication(new CookieAuthenticationOptions());
appAteb.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
PublicClientId = "app1";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Authenticate1"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = false
};
app1.UseOAuthBearerTokens(OAuthOptions);
});
app.Map("/RouteTwo", app2 =>
{
app2.UseCookieAuthentication(new CookieAuthenticationOptions());
app2.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
PublicClientId = "app2";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Authenticate2"),
Provider = new AnotherAuthProvider(PublicClientId),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = false
};
app2.UseOAuthBearerTokens(OAuthOptions);
});
两种机制都正确地进行了身份验证,生成了承载令牌并将其传递回浏览器,但是当我在仪表板控制器上使用令牌进行授权时,它会返回401 Unorthorized?
我怀疑它与app.map有关,因为如果我删除它并且只有一个机制调用我的仪表板控制器工作正常但是我需要能够使用授权机制和我的api控制器来接受令牌 .
任何有关解决此问题的帮助将不胜感激 .
谢谢
1 回答
您的操作
GetDashboard()的RoutePrefix应该包含其中一个 Map 的路线 . 例如,您可以将 Map 重新定义为api/RouteOne和api/RouteTwo,然后路由前缀可以是例如[RoutePrefix("api/RouteOne/Dashboard")]. 我希望它有所帮助 .