2016-11-23

Token authentication for a custom database in WebAPI

I am trying to implement token authentication for my own database. My Configure method is:

public void ConfigureAuth(IAppBuilder app)
{
    // Configure the db context and user manager to use a single instance per request
    app.CreatePerOwinContext(ApplicationDbContext.Create);
    app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

    // Enable the application to use a cookie to store information for the signed in user
    // and to use a cookie to temporarily store information about a user logging in with a third party login provider
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

    // Configure the application for OAuth based flow
    PublicClientId = "self";
    OAuthOptions = new OAuthAuthorizationServerOptions
    {
        TokenEndpointPath = new PathString("/Token"),
        Provider = new CustomOAuthProvider(),
        AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
        AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
        // In production mode set AllowInsecureHttp = false
        AllowInsecureHttp = true
    };

    // Enable the application to use bearer tokens to authenticate users
    app.UseOAuthBearerTokens(OAuthOptions);
}

As you can see, I use a CustomOAuthProvider class that overrides the GrantResourceOwnerCredentials method as follows:

public class CustomOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"});

        IUsersService userService = DependencyResolver.Current.GetService<IUsersService>();
        if (!userService.CheckCredentials(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect");
            return Task.FromResult<object>(null);
        }

        var identity = new ClaimsIdentity("JWT");

        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "User"));

        var props = new AuthenticationProperties(new Dictionary<string, string>
        {
            { "audience", context.ClientId ?? string.Empty }
        });

        var ticket = new AuthenticationTicket(identity, props);
        context.Validated(ticket);
        return Task.FromResult<object>(null);
    }
}

But every time I make a request for a token via Fiddler, I get 400 Bad Request.

What am I doing wrong? :)

Answer

For anyone who has the same problem, just follow this article; it shows how to override the GrantResourceOwnerCredentials method so that everything works:

http://www.hackered.co.uk/articles/asp-net-mvc-creating-an-oauth-password-grant-type-token-endpoint

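public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    // userService is assumed to be a field of the provider; the snippet does not show where it comes from.
    var user = userService.GetUser(context.UserName, context.Password);
    if (user == null)
    {
        // Assumes GetUser returns null for bad credentials; reject instead of dereferencing null below.
        context.SetError("invalid_grant", "The user name or password is incorrect");
        return Task.FromResult<object>(null);
    }

    // Build the identity with the authentication type configured on the server options.
    var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name));
    var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
    context.Validated(ticket);
    return base.GrantResourceOwnerCredentials(context);
}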
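
An added example, not code from the question, the answer or the linked article: a complete password-grant provider for the Katana OAuth middleware used above. Besides the credential check it overrides ValidateClientAuthentication, because Katana answers the token request with 400 invalid_client unless that method marks the request as validated. IUsersService is reduced to the one method visible in the question; PasswordGrantProvider and its constructor injection are hypothetical names and wiring.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;

// Assumed shape of the question's service; only CheckCredentials appears on the page.
public interface IUsersService
{
    bool CheckCredentials(string userName, string password);
}

// Hypothetical provider name; pass an instance as OAuthAuthorizationServerOptions.Provider.
public class PasswordGrantProvider : OAuthAuthorizationServerProvider
{
    private readonly IUsersService _users;

    public PasswordGrantProvider(IUsersService users) { _users = users; }

    // The base implementation never calls context.Validated(), so without this
    // override the token endpoint stops here and returns 400 invalid_client.
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Public client: accept only requests that carry no client_id at all.
        if (context.ClientId == null)
        {
            context.Validated();
        }
        return Task.FromResult<object>(null);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!_users.CheckCredentials(context.UserName, context.Password))
        {
            // One generic message for unknown user and wrong password alike.
            context.SetError("invalid_grant", "The user name or password is incorrect");
            return Task.FromResult<object>(null);
        }

        // Same authentication type as in the answer: the one configured on the server options.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        identity.AddClaim(new Claim(ClaimTypes.Role, "User"));

        context.Validated(new AuthenticationTicket(identity, new AuthenticationProperties()));
        return Task.FromResult<object>(null);
    }
}
```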