首页 > 编程语言> > c# – 你如何拒绝Katana Bearer令牌的身份

c# – 你如何拒绝Katana Bearer令牌的身份

2019-06-29 08:55:48 作者：互联网

我怎么能拒绝身份？我的类继承自OAuthBearerAuthenticationProvider并且我重写了ValidateIdentity？

我试过设置context.Rejected();或context.SetError();并抛出异常,但我的控制器仍然被调用. OAuthBearerAuthenticationHandler会调用我的类,所以我知道我的设置正确.

我目前的失败代码

        public void ConfigureAuth ( IAppBuilder app )
        {
            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enable the application to use bearer tokens to authenticate users
            app.UseOAuthBearerAuthentication ( new OAuthBearerAuthenticationOptions ()
            {
                Provider = new OAuthBearerAuthenticationProvider ()
                {
                    OnValidateIdentity = async ctx => { ctx.Rejected (); }
                }
            } );
            app.UseOAuthBearerTokens(OAuthOptions);
}

解决方法:

我无法重复这个问题.你能检查一下OnValidateIdentity的实现是否相同？

        OAuthBearerOptions = new OAuthBearerAuthenticationOptions()
        {
            Provider = new OAuthBearerAuthenticationProvider
            {
                OnValidateIdentity = async ctx =>
                    {
                        ctx.Rejected();
                    }
            }
        };

标签：c,asp-net-web-api,owin,katana
来源： https://codeday.me/bug/20190629/1324832.html