如何在 web api Authentication Failed 场景中获取详细错误而不是 "Message": "Authorization has been denied for this request."?
How to get the detailed error in web api Authentication Failed scenario instead of "Message": "Authorization has been denied for this request."?
我从 VS 模板创建了一个 Web api,其中包含一个装饰有 [Authorize] 的值控制器。我添加了 Owin Startup 如下:
[assembly: OwinStartup(typeof(WebAPIDotNet.Startup))]
namespace WebAPIDotNet
{
public class Startup
{
private static string clientId = "xxxxxxxxx"; // my actual client id from azure ad.
public void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(
new TokenValidationParameters
{
// Check if the audience is intended to be this application
ValidAudiences = new[] { clientId, $"api://{clientId}" },
// Change below to 'true' if you want this Web API to accept tokens issued to one Azure AD tenant only (single-tenant)
// Note that this is a simplification for the quickstart here. You should validate the issuer. For details,
// see https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore
ValidateIssuer = false,
}
//new OpenIdConnectSecurityTokenProvider("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration")
),
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
// Below Provider is just so that I can capture detailed errors while debugging, but no success
Provider = new OAuthBearerAuthenticationProvider
{
OnRequestToken = Onrequesttoken,
OnApplyChallenge = applyuingChallenge,
OnValidateIdentity = validatingidentiity
},
});
}
private Task validatingidentiity(OAuthValidateIdentityContext arg)
{
return Task.FromResult(0);
}
private Task applyuingChallenge(OAuthChallengeContext arg)
{
return Task.FromResult(0);
}
private Task Onrequesttoken(OAuthRequestTokenContext arg)
{
return Task.FromResult(0);
}
}
}
我已经有一个访问令牌,并且我已经验证它有正确的受众等。但是使用 Postman 发出 GET 请求总是给我消息 - "Message": "Authorization has been denied for this request."
当我调试时,我可以看到令牌是授权的一部分,有什么办法可以 log/see 实际错误而不是 "Message": "Authorization has been denied for this request." ?
邮递员要求:
为了防止其他人遇到这个问题,我在 Owin Katana 文档中找到了答案。本质上,在您的 web.config 中放置在配置下方将在输出 window 中启用包含详细信息的日志,并且我能够看到授权失败的根本原因,因为我使用的是 Owin 身份验证中间件。
<system.diagnostics>
<switches>
<add name="Microsoft.Owin" value="Verbose" />
</switches>
</system.diagnostics>
我从 VS 模板创建了一个 Web api,其中包含一个装饰有 [Authorize] 的值控制器。我添加了 Owin Startup 如下:
[assembly: OwinStartup(typeof(WebAPIDotNet.Startup))]
namespace WebAPIDotNet
{
public class Startup
{
private static string clientId = "xxxxxxxxx"; // my actual client id from azure ad.
public void Configuration(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
{
AccessTokenFormat = new JwtFormat(
new TokenValidationParameters
{
// Check if the audience is intended to be this application
ValidAudiences = new[] { clientId, $"api://{clientId}" },
// Change below to 'true' if you want this Web API to accept tokens issued to one Azure AD tenant only (single-tenant)
// Note that this is a simplification for the quickstart here. You should validate the issuer. For details,
// see https://github.com/Azure-Samples/active-directory-dotnet-native-aspnetcore
ValidateIssuer = false,
}
//new OpenIdConnectSecurityTokenProvider("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration")
),
AuthenticationMode = Microsoft.Owin.Security.AuthenticationMode.Active,
// Below Provider is just so that I can capture detailed errors while debugging, but no success
Provider = new OAuthBearerAuthenticationProvider
{
OnRequestToken = Onrequesttoken,
OnApplyChallenge = applyuingChallenge,
OnValidateIdentity = validatingidentiity
},
});
}
private Task validatingidentiity(OAuthValidateIdentityContext arg)
{
return Task.FromResult(0);
}
private Task applyuingChallenge(OAuthChallengeContext arg)
{
return Task.FromResult(0);
}
private Task Onrequesttoken(OAuthRequestTokenContext arg)
{
return Task.FromResult(0);
}
}
}
我已经有一个访问令牌,并且我已经验证它有正确的受众等。但是使用 Postman 发出 GET 请求总是给我消息 - "Message": "Authorization has been denied for this request."
当我调试时,我可以看到令牌是授权的一部分,有什么办法可以 log/see 实际错误而不是 "Message": "Authorization has been denied for this request." ?
邮递员要求:
为了防止其他人遇到这个问题,我在 Owin Katana 文档中找到了答案。本质上,在您的 web.config 中放置在配置下方将在输出 window 中启用包含详细信息的日志,并且我能够看到授权失败的根本原因,因为我使用的是 Owin 身份验证中间件。
<system.diagnostics>
<switches>
<add name="Microsoft.Owin" value="Verbose" />
</switches>
</system.diagnostics>