ASP.NET Web API external login
Keywords: external, login, API, WEB, NET, ASP | Updated: 2023-09-27 18:17:09
I created a Web API project in ASP.NET using the Visual Studio 2013 project wizard. It created this function for social login:
// GET api/Account/ExternalLogin
[OverrideAuthentication]
[HostAuthentication(DefaultAuthenticationTypes.ExternalCookie)]
[AllowAnonymous]
[Route("ExternalLogin", Name = "ExternalLogin")]
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
    if (error != null)
    {
        return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));
    }

    if (!User.Identity.IsAuthenticated)
    {
        return new ChallengeResult(provider, this);
    }

    ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
    if (externalLogin == null)
    {
        return InternalServerError();
    }

    if (externalLogin.LoginProvider != provider)
    {
        Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        return new ChallengeResult(provider, this);
    }

    ApplicationUser user = await UserManager.FindAsync(new UserLoginInfo(externalLogin.LoginProvider,
        externalLogin.ProviderKey));
    bool hasRegistered = user != null;

    if (hasRegistered)
    {
        Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
        ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(UserManager,
            OAuthDefaults.AuthenticationType);
        ClaimsIdentity cookieIdentity = await user.GenerateUserIdentityAsync(UserManager,
            CookieAuthenticationDefaults.AuthenticationType);
        AuthenticationProperties properties = ApplicationOAuthProvider.CreateProperties(user.UserName);
        Authentication.SignIn(properties, oAuthIdentity, cookieIdentity);
    }
    else
    {
        IEnumerable<Claim> claims = externalLogin.GetClaims();
        ClaimsIdentity identity = new ClaimsIdentity(claims, OAuthDefaults.AuthenticationType);
        Authentication.SignIn(identity);
    }

    return Ok();
}
Then I wrote client code in C# to call this function:
public async Task LogInAsync(string url, string provider)
{
    using (HttpClient client = new HttpClient())
    {
        string request = url + "/api/Account/ExternalLogin";
        var query = HttpUtility.ParseQueryString(string.Empty);
        query["provider"] = provider;
        query["error"] = "";
        request += "?" + query.ToString();
        HttpResponseMessage responseMessage = await client.GetAsync(request);
        if (responseMessage.IsSuccessStatusCode)
        {
            string responseContent = await responseMessage.Content.ReadAsStringAsync();
        }
    }
}
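Strangely, I get this error response from the server:
StatusCode: 400, ReasonPhrase: 'Bad Request', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Pragma: no-cache
  X-SourceFiles: =?UTF-8?B?RTpcUHJvamVjdFxEYXRpbmdcRGF0aW5nLlNlcnZlclxhcGlcQWNjb3VudFxFeHRlcm5hbExvZ2lu?=
  Cache-Control: no-cache
  Date: Tue, 08 Nov 2016 15:12:33 GMT
  Server: Microsoft-IIS/8.0
  X-Powered-By: ASP.NET
  Content-Length: 24
  Content-Type: text/plain; charset=UTF-8
  Expires: -1
}
The same error occurs when I try to navigate to the corresponding link in a web browser. When debugging on the server, the entry point of this function is never hit. What am I doing wrong? It is a GET verb, so I should be able to access it successfully either way.
What confuses me most is that this function is included by default in every Web API project, yet I can't find any reference to or mention of how people use it in practice.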
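By default, OAuthServerOptions has the following:
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin")
Just remove that line and your ExternalLogin endpoint will work fine.
File: Startup.Auth.cs
Since you are using one of the templates, I assume your project uses a derived OAuthAuthorizationServerProvider with several overridden methods. Drop some breakpoints in them, since that may be where it fails.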
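Added example, not part of the original thread or the template's own code: while AuthorizeEndpointPath stays mapped to /api/Account/ExternalLogin, the OWIN OAuth authorization server middleware treats a GET to that path as an OAuth 2.0 authorization request and runs the derived provider's validation before the controller. This sketch builds such a request with response_type, client_id and redirect_uri. Assumptions: the client id "self" and the site-root redirect rule come from the default Visual Studio 2013 template, the mandatory state is this helper's own policy, and the provider name "Google" and the host are constructed sample values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;

public static class ExternalLoginRequest
{
    // Assumption: public client id registered by the default template.
    public const string TemplateClientId = "self";

    // Builds the authorization request that the middleware mapped to
    // AuthorizeEndpointPath parses before the controller action is reached.
    public static Uri Build(Uri siteRoot, string provider, string clientId, Uri redirectUri, string state)
    {
        if (string.IsNullOrEmpty(provider)) throw new ArgumentException("provider is required");
        if (string.IsNullOrEmpty(state)) throw new ArgumentException("state is required");

        // Assumption: mirrors the template provider's ValidateClientRedirectUri, which
        // accepts only its own client id with a redirect URI equal to the site root.
        Uri expectedRoot = new Uri(siteRoot, "/");
        if (clientId != TemplateClientId || redirectUri.AbsoluteUri != expectedRoot.AbsoluteUri)
            throw new InvalidOperationException("client_id/redirect_uri would be rejected by the server");

        var query = new[]
        {
            new KeyValuePair<string, string>("provider", provider),
            new KeyValuePair<string, string>("response_type", "token"),
            new KeyValuePair<string, string>("client_id", clientId),
            new KeyValuePair<string, string>("redirect_uri", redirectUri.AbsoluteUri),
            new KeyValuePair<string, string>("state", state),
        };
        string qs = string.Join("&", query.Select(
            p => Uri.EscapeDataString(p.Key) + "=" + Uri.EscapeDataString(p.Value)));
        return new Uri(expectedRoot, "api/Account/ExternalLogin?" + qs);
    }

    public static void Main()
    {
        var root = new Uri("http://localhost:12345/");   // constructed sample host
        byte[] buf = new byte[32];                        // unpredictable per-request state value
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(buf);
        string state = Convert.ToBase64String(buf);       // caller compares it with the value returned
        Console.WriteLine(Build(root, "Google", TemplateClientId, root, state));
    }
}
```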