1
I am issuing token, but at the moment make a request with the token, returns the following message:
"Message": "Authorization has been denied for this request."
I am passing user and static password
Filing cabinet: startup.Cs
private void ConfigureAccessToken(IAppBuilder app)
{
var optionsConfigurationToken = new OAuthAuthorizationServerOptions()
{
//Permitindo acesso ao endereço de fornecimento do token de acesso sem
//precisar de HTTPS (AllowInsecureHttp).
//Em produção o valor deve ser false.
AllowInsecureHttp = true,
//Configurando o endereço do fornecimento do token de acesso (TokenEndpointPath).
TokenEndpointPath = new PathString("/token"),
//Configurando por quanto tempo um token de acesso já forncedido valerá (AccessTokenExpireTimeSpan).
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
//Como verificar usuário e senha para fornecer tokens de acesso? Precisamos configurar o Provider dos tokens
Provider = new ProviderTokenAccess()
};
//Estas duas linhas ativam o fornecimento de tokens de acesso numa WebApi
app.UseOAuthAuthorizationServer(optionsConfigurationToken);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
Filing cabinet: Provider
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var user = Users()
.FirstOrDefault(x => x.Name == context.UserName
&& x.Password == context.Password);
if (user == null)
{
context.SetError("invalid_grant",
"Usuário não encontrado ou a senha está incorreta.");
return;
}
var identyUser = new ClaimsIdentity(context.Options.AuthenticationType);
identyUser.AddClaim(new Claim("sub", context.UserName));
identyUser.AddClaim(new Claim(ClaimTypes.Role, "user"));
context.Validated(identyUser);
}
public static IEnumerable<User> Users()
{
return new List<User>
{
new User { Name = "Marcelo", Password = "admin" },
new User { Name = "Joao", Password = "12345" },
};
}
Request
using System.Web.Http;
namespace PlataformaCliAPI.Controllers
{
public class ContaController : ApiController
{
// GET: api/Conta
[Authorize]
public string Get()
{
return "Sucesso";
}
}
}
You have an example of request?
– Leandro Angelo
I edited, including the request;
– user65462
I was referring to the product, for you to check if the token is being generated and shipped
– Leandro Angelo
Leandro Angelo, I don’t understand, but when I request the token is generated, like bearer.
– user65462
It is exactly what it would be interesting for you to capture, if the token is being generated and included in the bearer
– Leandro Angelo