I have WebApi 2 and an MVC web project in the same solution as on different IIS ports. Having received my Oauth token using jQuery AJAX, I still get the 401 Unauthorized error message when trying to call an authorized controller method.
Startup:
public void Configuration(IAppBuilder app)
{
HttpConfiguration httpConfig = new HttpConfiguration();
ConfigureOAuthTokenGeneration(app);
ConfigureOAuthTokenConsumption(app);
ConfigureWebApi(httpConfig);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(httpConfig);
}
CustomOAuthProvider:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
var userManager = context.OwinContext.GetUserManager<UserManager>();
User user = await userManager.FindAsync(context.UserName, context.Password);
ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, "JWT");
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, "User"));
var ticket = new AuthenticationTicket(oAuthIdentity, null);
context.Validated(ticket);
}
Thinks I tried out. I get "Authorization was rejected for this request." error message when using OWIN oAuth middleware (with a separate Auth server and Resource Server) :
- Updating all Owin packages to the latest version (the web project does not use any Owin features, so it is not installed here).
- Api and web are different projects, but on the same machine, just like in the machine.
- OAuth Token WebApi Startup.cs.
- : oAuthIdentity (http://schemas.microsoft.com/ws/2008/06/identity/claims/role: )
(-, , ,...), ? ( , , .
EDIT:
Ajax call ( jumuro):
var token = sessionStorage.getItem(tokenKey);
$.ajax({
type: 'POST',
beforeSend: function (xhr) { xhr.setRequestHeader('Authorization', 'Bearer ' + token) },
url: 'http://localhost:81/api/auth/test',
contentType: 'application/json; charset=utf-8'
}).done(function (data) {
});