授权角色WebAPI oauth-owin

您必须添加GrantRourceOwnerCredentials方法：

identity.AddClaim(new Claim(ClaimTypes.Role, "admins"));

逐步

在StartUp.cs类中，应该有一个自定义提供程序，如行

Provider = new CustomAuthorizationServerProvider()

例如：

public void ConfigureOAuth(IAppBuilder app)
{
    OAuthAuthorizationServerOptions oAuthServerOptions = new OAuthAuthorizationServerOptions
    {
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),
        Provider = new CustomAuthorizationServerProvider()
    };
    // Token Generation
    app.UseOAuthAuthorizationServer(oAuthServerOptions);
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}

然后，从OAuthAuthorizationServerProvider类继承的CustomAuthorizationServer Provider将覆盖GrantResourceOwnerCredentials（OAuthGrantResortResourceOwnerCredentialsContext上下文）。

然后，在检查用户是否具有正确的用户名和密码后，您必须添加

var identity = new ClaimsIdentity(context.Options.AuthenticationType);
...
// other claims
...
identity.AddClaim(new Claim(ClaimTypes.Role, "admins"));
...
var ticket = new AuthenticationTicket(identity, properties);
context.Validated(ticket);

已编辑

您可以从DB中获取用户角色，而不是使用"admins"harcoded字符串执行：

var roles = await userManager.GetRolesAsync(userId);

因此，您可以在存储库中添加以下方法：

public async Task<IList<string>> UserRoles(string userId)
{
    IList<string> roles = await userManager.GetRolesAsync(userId);
    return roles;
}

然后从您被高估的GrantResourceOwnerCredentials添加中调用：

using (AuthRepository repository = new AuthRepository())
{
    IdentityUser user = await repository.FindUser(context.UserName, context.Password);
    if (user == null)
    {
        context.SetError("invalid_grant", "The user name or password is incorrect");
        return;
    }
    var roles = repository.UserRoles(user.Id);
}