我从VS模板创建了一个Web api,并使用装饰有[Authorize]的Values Controller。我添加了如下Owin Startup:
[assembly: OwinStartup(typeof(WebAPIDotNet.Startup))]
namespace WebAPIDotNet
{
public class Startup
{
private static string clientId = "xxxxxxxxx"; // my actual client id from azure ad.
public void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(
new TokenValidationParameters
{
// Check if the audience is intended to be this application
ValidAudiences = new[] { clientId, $"api://{clientId}" },
// Change below to 'true' if you want this Web API to accept tokens issued to one Azure AD tenant only (single-tenant)
// Note that this is a simplification for the quickstart here. You should validate the issuer. For details,
// see https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore
ValidateIssuer = false,
}
//new OpenIdConnectSecurityTokenProvider("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration")
),
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
// Below Provider is just so that I can capture detailed errors while debugging, but no success
Provider = new OAuthBearerAuthenticationProvider
{
OnRequestToken = Onrequesttoken,
OnApplyChallenge = applyuingChallenge,
OnValidateIdentity = validatingidentiity
},
});
}
private Task validatingidentiity(OAuthValidateIdentityContext arg)
{
return Task.FromResult(0);
}
private Task applyuingChallenge(OAuthChallengeContext arg)
{
return Task.FromResult(0);
}
private Task Onrequesttoken(OAuthRequestTokenContext arg)
{
return Task.FromResult(0);
}
}
}
我已经有一个访问令牌,并且我已经验证它具有正确的访问者,等等。但是用Postman发出GET请求时,总是会给我msg-“ Message”:“此请求的授权被拒绝。”] >
[当我调试时,我可以将令牌视为授权的一部分,有什么办法可以记录/查看实际错误而不是“消息”:“此请求的授权被拒绝。” ?
我从VS模板创建了一个Web api,并使用装饰有[Authorize]的Values Controller。我添加了如下Owin Startup:[程序集:OwinStartup(typeof(WebAPIDotNet.Startup))名称空间...
以防万一有人遇到这个问题,我在Owin Katana文档中找到了答案。基本上,将其放在web.config中的config下面将启用带有详细信息的输出窗口中的日志,并且由于使用Owin身份验证中间件,我能够看到授权失败的根本原因。