我正试图通过C#使用webapi创建一个登录身份验证令牌,并用PostMan进行了测试
这是我所做的C#webapi
这是我的启动。cs
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
using System;
using System.Web;
using System.Web.Http;
using Microsoft.Owin.Cors;
using DBSecurityTest.Controllers;
[assembly: OwinStartup(typeof(DBSecurityTest.Startup))]
namespace DBSecurityTest
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
var myProvider = new MyAuthProvider();
OAuthAuthorizationServerOptions options = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
Provider = myProvider
};
app.UseOAuthAuthorizationServer(options);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
HttpConfiguration config = new HttpConfiguration();
WebApiConfig.Register(config);
}
}
}
MyAuthProvider
using Microsoft.Owin.Security.OAuth;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using DBSecurityTest.Models;
namespace DBSecurityTest.Controllers
{
public class MyAuthProvider : OAuthAuthorizationServerProvider
{
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
context.Validated();
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
DBSecurityTestEntities DBST = new DBSecurityTestEntities();
var userdata = DBST.EF_UserLogin(context.UserName, context.Password).FirstOrDefault();
if (userdata != null)
{
identity.AddClaim(new Claim(ClaimTypes.Role, userdata.UserRole));
identity.AddClaim(new Claim(ClaimTypes.Name, userdata.UserName));
context.Validated(identity);
}
else
{
context.SetError("invalid_grant", "Provided username and password is incorrect");
context.Rejected();
}
}
}
}
WebApiConfig
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using Microsoft.Owin.Cors;
using System.Web.Http.Cors;
namespace DBSecurityTest
{
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
EnableCorsAttribute cors = new EnableCorsAttribute("*", "*", "*");
config.EnableCors();
// Web API configuration and services
// Web API routes
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
}
}
}
我已经创建了数据库查询,如下所示:
use [DBSecurityTest]
CREATE TABLE [dbo].[UserLogin](
[Id] [int] IDENTITY(1,1) NOT NULL,
[UserName] [varchar](50) NULL,
[UserPassword] [varchar](50) NULL,
[UserEmail] [varchar](50) NULL,
[UserRole] [varchar](50) NULL,
CONSTRAINT [PK_UserLogin] PRIMARY KEY CLUSTERED
(
[Id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY]
GO
-- insert data in table
insert into UserLogin(UserName,UserPassword,UserEmail,UserRole)
values ('admin','123456','admin@gmail.com','admin')
-- create store procedure
Create PROCEDURE [dbo].[EF_UserLogin]
@UserName varchar(50)=null,
@UserPassword varchar(50)=null
AS
BEGIN
SET NOCOUNT ON;
SELECT UserName,UserPassword,UserEmail,UserRole from UserLogin where UserName=@UserName and UserPassword=@UserPassword
END
我已经添加了我的ADO.Net模型
错误是,在调试Api时,我无法通过Postman测试我的令牌。
我的邮差配置如下:
POST,/token我选择Body和x.www-form-urlencoded
错误随附{"error":"unsupportedGrant_type"}
是我的Postman配置错误,还是与我的C#api代码有关?
你为此写了控制器吗?我认为您错过了一个控制器,因为它存储参数并处理它。您声明它的方式似乎在C#WebApi后端没有处理。
我想你可以参考这里的一些视频:https://www.youtube.com/watch?v=BZnmhyZzKgs
谢谢。
这是关于您的请求的,当您使用Postman发送请求时,您应该传递一个名为grant_type的参数。
OAuth框架为不同的用例指定了几种授予类型,以及一个用于创建新授予类型的框架。
下面列出了最常见的OAuth授予类型。
- 授权代码
- 客户端凭据
- 设备代码
- 刷新令牌
有关详细信息,请阅读OAuth Grant Types。