使用 [Authorize] 属性时未读取身份验证 cookie
Authentication cookie not being read when using [Authorize] attribute
我需要帮助来配置我的 asp.net 使用 cookie 身份验证的应用程序。这是我的配置:
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieSecure = CookieSecureOption.SameAsRequest,
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);
}
我的登录api路由是:
[Route("Login")]
[HttpPost]
[AllowAnonymous]
public IHttpActionResult Login(RegisterBindingModel model)
{
var user = UserManager.Find(model.Username, model.Password);
if (user != null)
{
Authentication.SignOut();
var identity = UserManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
identity.AddClaim(new Claim(ClaimTypes.Role, "IsAdmin"));
Authentication.SignIn(new AuthenticationProperties() { IsPersistent = true }, identity);
return Ok("Success");
}
return Ok();
}
调用登录 returns 名为 .AspNet.ApplicationCookie 的 cookie,但是当我调用 logout 操作时:
[Route("Logout")]
[HttpPost]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
我收到以下错误:此请求的授权已被拒绝
我做错了什么?
注意:我用 [Authorize] 属性装饰了控制器
请检查您的 global.asax.cs() - 我们必须在那里注册 GlobalFilters
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
查看我的 Web API 配置设置才发现它只配置为允许不记名令牌。我删除了对 SuppressDefaultHostAuthentication 的调用,现在一切正常。
我需要帮助来配置我的 asp.net 使用 cookie 身份验证的应用程序。这是我的配置:
public void ConfigureAuth(IAppBuilder app)
{
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.UseCookieAuthentication(new CookieAuthenticationOptions()
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieSecure = CookieSecureOption.SameAsRequest,
});
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
app.UseOAuthBearerTokens(OAuthOptions);
}
我的登录api路由是:
[Route("Login")]
[HttpPost]
[AllowAnonymous]
public IHttpActionResult Login(RegisterBindingModel model)
{
var user = UserManager.Find(model.Username, model.Password);
if (user != null)
{
Authentication.SignOut();
var identity = UserManager.CreateIdentity(user, DefaultAuthenticationTypes.ApplicationCookie);
identity.AddClaim(new Claim(ClaimTypes.Role, "IsAdmin"));
Authentication.SignIn(new AuthenticationProperties() { IsPersistent = true }, identity);
return Ok("Success");
}
return Ok();
}
调用登录 returns 名为 .AspNet.ApplicationCookie 的 cookie,但是当我调用 logout 操作时:
[Route("Logout")]
[HttpPost]
public IHttpActionResult Logout()
{
Authentication.SignOut(CookieAuthenticationDefaults.AuthenticationType);
return Ok();
}
我收到以下错误:此请求的授权已被拒绝
我做错了什么?
注意:我用 [Authorize] 属性装饰了控制器
请检查您的 global.asax.cs() - 我们必须在那里注册 GlobalFilters
protected void Application_Start()
{
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
查看我的 Web API 配置设置才发现它只配置为允许不记名令牌。我删除了对 SuppressDefaultHostAuthentication 的调用,现在一切正常。