问题
I implemented OAuth2 in my mvc web api project.I got the token but when I call the web api methods with this token the call will return 403 forbidden.I also called the same web api without the token it's working.Here is my token call:
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
AccountLogin LogCredentials = new AccountLogin();
LogCredentials.UserName = context.UserName;
LogCredentials.Password = context.Password;
LogCredentials.IPAddress = "::1";
string webHost = Convert.ToString(WebConfigurationManager.AppSettings["webHost"]);
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { webHost });
ProviderLoginResponse providerLoginResponse = MembershipService.UserLogin(LogCredentials);
if (providerLoginResponse.LoginStatus != "Y")
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return Task.FromResult<object>(null);
}
var claims = new List<Claim>()
{
new Claim(ClaimTypes.Sid, Convert.ToString(providerLoginResponse.UserID)),
new Claim(ClaimTypes.Name, providerLoginResponse.UserName),
new Claim(ClaimTypes.Email, providerLoginResponse.UserEmail)
};
ClaimsIdentity oAuthIdentity = new ClaimsIdentity(claims,
Startup.OAuthOptions.AuthenticationType);
AuthenticationProperties properties = CreateProperties(providerLoginResponse);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
return Task.FromResult<object>(null);
}
Here is my api method:
[HttpGet]
[Route("GetColumn")]
public HttpResponseMessage GetColumn(HttpRequestMessage request)
{
string tableName = "";
HttpResponseMessage response = null;
try
{
var clientList = _settingsService.GetColumns(tableName);
response = request.CreateResponse(HttpStatusCode.OK, new APIResponse { Status = true, Data = clientList, Message = Messages.Saved_Success });
}
catch (Exception ex)
{
response = request.CreateResponse(HttpStatusCode.OK, new APIResponse { Status = false, Data = null, Message = ex.Message });
}
return response;
}
My api call is :
function GetColumn(data, cb) {
var token = sessionStorage.getItem('accessToken');
var headers = {};
if (token) {
headers.Authorization = 'Bearer ' + token;
}
$.ajax({
type: 'GET',
url: "api/Settings/GetColumn",
headers: headers
}).done(function (data) {
cb(data);
}).fail(function (Res) {
cb(Res);
});
};
I also tried the postman by passing the Authorization token but still got the 403.I searched the web for this problem but nothing will solve my problem .Why it is behaving like this?
来源:https://stackoverflow.com/questions/48619685/oauth-web-api-call-returns-403-forbidden