OWIN Configuration not firing Not Authorize if no token is provided

I configured my OWIN Startup class like this:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // For more information on how to configure your application, visit https://go.microsoft.com/fwlink/?LinkID=316888
        app.UseActiveDirectoryFederationServicesBearerAuthentication(
            new ActiveDirectoryFederationServicesBearerAuthenticationOptions
            {
                MetadataEndpoint = ConfigurationManager.AppSettings["ida:AdfsMetadataEndpoint"],
                TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidAudience = ConfigurationManager.AppSettings["ida:Audience"],
                    ValidIssuer = ConfigurationManager.AppSettings["ida:Issuer"]
                }
            }
        );
    }
}

Global.asax.cs :

public class WebApiApplication : HttpApplication
{
    protected void Application_Start()
    {
        AreaRegistration.RegisterAllAreas();
        GlobalConfiguration.Configure(WebApiConfig.Register);
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
    }
}

And my controller:

[RoutePrefix("v1/onboarding")]
public class OnboardingController : ApiController
{
    [Route("client")]
    [HttpGet]
    public HttpResponseMessage CreateClient([FromUri] string CIFID)
    {
        return new HttpResponseMessage(HttpStatusCode.Created);
    }
}

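But when I call GET /client from Postman without a Bearer token, the call goes through and I get my 201 response status.

If I don't provide a bearer token, a 403 unauthorized status code should be triggered, right?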

Added the [Authorize] attribute to the controller.
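
The following is an added example, not code from the original post. It shows the fix applied as a default-deny rule for all Web API controllers instead of per controller. The body of `WebApiConfig.Register` is assumed, since the post does not show it, and the `Health` action is hypothetical.

```csharp
using System.Net;
using System.Net.Http;
using System.Web.Http;

public static class WebApiConfig
{
    // Assumed contents; the post only shows that Register is called from Application_Start.
    public static void Register(HttpConfiguration config)
    {
        // Needed for the [RoutePrefix]/[Route] attributes on the controller.
        config.MapHttpAttributeRoutes();

        // Default deny: every Web API action requires an authenticated principal
        // unless it is explicitly marked [AllowAnonymous].
        // This must be System.Web.Http.AuthorizeAttribute. Filters registered through
        // GlobalFilters.Filters (System.Web.Mvc) do not apply to ApiController.
        config.Filters.Add(new AuthorizeAttribute());
    }
}

[RoutePrefix("v1/onboarding")]
public class OnboardingController : ApiController
{
    // The bearer middleware only populates the identity when a valid token is present;
    // it never rejects a request by itself. With the global filter in place, a request
    // without a valid token is answered with 401 Unauthorized before this action runs.
    [Route("client")]
    [HttpGet]
    public HttpResponseMessage CreateClient([FromUri] string CIFID)
    {
        return new HttpResponseMessage(HttpStatusCode.Created);
    }

    // Hypothetical endpoint, present only to show the explicit opt-out.
    [AllowAnonymous]
    [Route("health")]
    [HttpGet]
    public HttpResponseMessage Health()
    {
        return new HttpResponseMessage(HttpStatusCode.OK);
    }
}
```

With the filter registered globally, a controller added later is protected even if its author forgets the attribute.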