c# – OAuth令牌和自定义错误

2019年7月21日 290次阅读

在我的ASP.NET应用程序中,我以这种方式覆盖了OAuth GrantResourceOwnerCredentials:

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    using (var userManager = _userManagerFactory())
    {
         var user = await userManager.FindAsync(context.UserName, context.Password);

         if (user == null)
         {
             context.Rejected();
             context.SetError("invalid_grant", "Invalid username or password");
             return;
         }

令牌终点:

OAuthOptions = new OAuthAuthorizationServerOptions
        {
            AuthenticationMode = AuthenticationMode.Active,
            TokenEndpointPath = new PathString("/Token"),

它工作,我收到错误客户端:

responseText: "{"error":"invalid_grant"...ame or password"}"
responseJSON: Object { error="invalid_grant",  error_description="Invalid username or password"}
status: 400
statusText: "Bad Request"

现在,如果我尝试在web.config文件中配置自定义错误:

<httpErrors errorMode="Custom" existingResponse="Replace">
  <remove statusCode="403" subStatusCode="-1"/>
  <remove statusCode="404" subStatusCode="-1"/>
  <remove statusCode="500" subStatusCode="-1"/>
  <error statusCode="403" path="/Error/Unauthorized" responseMode="ExecuteURL"/>
  <error statusCode="404" path="/Error/NotFound" responseMode="ExecuteURL"/>
  <error statusCode="500" path="/Error/ServerError" responseMode="ExecuteURL"/>
</httpErrors>

我收到一个没有JSON消息的错误请求:

responseText:"Bad Request"
status  400
statusText:"Bad Request"

我认为自定义错误会影响所有请求并阻止预期的行为.

我试图在web.config中添加它:

<location path="Token">
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough">
      <clear />
    </httpErrors>
  </system.webServer>
</location>

它适用于使用IIS Express的开发人员计算机,但生产服务器上的IIS 8.5似乎忽略了它.

您可以从here下载示例项目.只需转到登录页面并按登录按钮.我还评论了web.config文件.

有人能指出我正确的方向吗?

最佳答案 经过几天的研究,我终于开始工作了.

我改变了覆盖配置:

<location path="Token">
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false" />

    <httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough">
      <clear />
    </httpErrors>

  </system.webServer>
</location>

至:

<location path="Token">
    <system.webServer>
       <validation validateIntegratedModeConfiguration="false" />

       <httpErrors errorMode="DetailedLocalOnly" existingResponse="PassThrough" />

    </system.webServer>
</location>

有人可以解释这个区别吗?

点赞