Geek Answers Handbook

Debugging the login endpoint (/ token) of WebApi2

Using .NET WebApi2: When I try to log into the WebApi system using / token, I get 500 internal endpoint server errors.

I know there are some configuration options in Startup.Auth, but is there anyway I can set a breakpoint or see what is displayed on the server? (say, before authentication occurs, and after - does not look for a solution to intercept Fiddler type).

+7
oauth asp.net-web-api2
source share
3 answers

debug GrantResourceOwnerCredentials method in Providers / ApplicationOAuthProvider.cs

+11
source share

You can configure Visual Studio to break in all exceptions, and then get additional information about your error when creating it.

In Visual Studio 2013, the debug menu, Exceptions, check both ckecks associated with CLR exceptions, as shown in the image:

enter image description here

0
source share

you can debug it ... but you need to implement your own ApplicationOAuthProvider, which should inherit from this class: OAuthAuthorizationServerProvider

For example:

public class MyTokenProvider : OAuthAuthorizationServerProvider { private readonly string _publicClientId; public MyTokenProvider(string publicClientId) { if (publicClientId == null) { throw new ArgumentNullException("publicClientId"); } _publicClientId = publicClientId; } public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { var userManager = context.OwinContext.GetUserManager<ApplicationUserManager>(); ApplicationUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; } ClaimsIdentity oAuthIdentity = await user.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType); ClaimsIdentity cookiesIdentity = await user.GenerateUserIdentityAsync(userManager, CookieAuthenticationDefaults.AuthenticationType); AuthenticationProperties properties = CreateProperties(user.UserName); AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties); context.Validated(ticket); context.Request.Context.Authentication.SignIn(cookiesIdentity); } public override Task TokenEndpoint(OAuthTokenEndpointContext context) { foreach (KeyValuePair<string, string> property in context.Properties.Dictionary) { context.AdditionalResponseParameters.Add(property.Key, property.Value); } return Task.FromResult<object>(null); } public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { // Resource owner password credentials does not provide a client ID. if (context.ClientId == null) { context.Validated(); } return Task.FromResult<object>(null); } public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context) { if (context.ClientId == _publicClientId) { Uri expectedRootUri = new Uri(context.Request.Uri, "/"); if (expectedRootUri.AbsoluteUri == context.RedirectUri) { context.Validated(); } } return Task.FromResult<object>(null); } public static AuthenticationProperties CreateProperties(string userName) { IDictionary<string, string> data = new Dictionary<string, string> { { "userName", userName } }; return new AuthenticationProperties(data); } }

Obviously, you will need to install it as the default provider, and this can be done using Startup.Auth.cs

Example:

  OAuthOptions = new OAuthAuthorizationServerOptions { TokenEndpointPath = new PathString("/Token"), Provider = new MyTokenProvider(PublicClientId), AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"), AccessTokenExpireTimeSpan = TimeSpan.FromDays(14), AllowInsecureHttp = true };

Then you can debug it :)

-one
source share

More articles:


All Articles