WebAPIのカスタムデータベースに対するトークン認証

Question

自分のデータベースに対してトークン認証を実装しようとしています。私の設定方法は

public void ConfigureAuth(IAppBuilder app) 
{ 
     // Configure the db context and user manager to use a single instance per request 
     app.CreatePerOwinContext(ApplicationDbContext.Create); 
     app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create); 

     // Enable the application to use a cookie to store information for the signed in user 
     // and to use a cookie to temporarily store information about a user logging in with a third party login provider 
     app.UseCookieAuthentication(new CookieAuthenticationOptions()); 
     app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie); 

     // Configure the application for OAuth based flow 
     PublicClientId = "self"; 
     OAuthOptions = new OAuthAuthorizationServerOptions 
     { 
      TokenEndpointPath = new PathString("/Token"), 
      Provider = new CustomOAuthProvider(), 
      AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), 
      AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), 
      // In production mode set AllowInsecureHttp = false 
      AllowInsecureHttp = true 
     }; 

     // Enable the application to use bearer tokens to authenticate users 
     app.UseOAuthBearerTokens(OAuthOptions); 
} 

あなたが見ることができるように、私は

public class CustomOAuthProvider : OAuthAuthorizationServerProvider 
{ 
    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) 
    { 
     context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] {"*"}); 

     IUsersService userService = DependencyResolver.Current.GetService<IUsersService>(); 
     if (!userService.CheckCredentials(context.UserName, context.Password)) 
     { 
      context.SetError("invalid_grant", "The user name or password is incorrect"); 
      return Task.FromResult<object>(null); 
     } 

     var identity = new ClaimsIdentity("JWT"); 

     identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName)); 
     identity.AddClaim(new Claim("sub", context.UserName)); 
     identity.AddClaim(new Claim(ClaimTypes.Role, "User")); 

     var props = new AuthenticationProperties(new Dictionary<string, string> 
     { 
      { 
       "audience", context.ClientId ?? string.Empty 
      } 
     }); 

     var ticket = new AuthenticationTicket(identity, props); 
     context.Validated(ticket); 
     return Task.FromResult<object>(null); 
    } 
} 

を次のようにGrantResourceOwnerCredentialsメソッドをオーバーライドCustomOAuthProviderクラスを使用しかし、いつでも、私はバイオリン弾き経由でトークンを要求することで、私は400 =不正取得します要求。

私が間違って何をやっている:)同じ悩みを持つ

Answer 1

誰でも、ちょうどこの記事に従って、それはそれはすべてが動作するようにGrantResourceOwnerCredentialsメソッドをオーバーライドする方法を示しています？

http://www.hackered.co.uk/articles/asp-net-mvc-creating-an-oauth-password-grant-type-token-endpoint

を

public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) 
{ 
    var user = userService.GetUser(context.UserName, context.Password); 
    var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType); 
    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, user.Name)); 
    var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties()); 
    context.Validated(ticket); 
    return base.GrantResourceOwnerCredentials(context); 
}