问题
We are trying to make a MVC4 app with Oauth (Gmail) authorisation accessible via a WebAPi. We made a WebAPI controller that returns a list of data, but we cannot put the authorise attribute to work properly.
Right now it is difficult to send the AntiForgeryToken correctly to the server and we get a session_requestverificationtoken error.
Is there a good way to parse and post the correct antiforgery token via Webai? Or is there a better way to login via OAuth via a webapi?
回答1:
Why are you using an AntiForgeryToken with Web API? It's not necessary, just authenticate with your request with OAuth. They are not meant to work together.
来源:https://stackoverflow.com/questions/23560210/antiforgerytoken-does-not-work-well-with-oauth-via-webapi