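I am using separate resource and authentication servers. When I successfully obtain a JSON Web Token, I check it with jwt.io, and everything is OK with the token format and its secret.
The request is sent with the Authorization header: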
Authorization: Bearer TOKEN_HERE
The response is always "401 Unauthorized":
{
"message": "Authorization has been denied for this request."
}
Here is the Startup.cs of my resource server:
using Microsoft.Owin;
using Microsoft.Owin.Cors;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Jwt;
using Newtonsoft.Json.Serialization;
using Owin;
using System.Web.Http;
using Test.Database;
using Test.Infrastructure;
using Microsoft.WindowsAzure.ServiceRuntime;

[assembly: OwinStartup(typeof(Test.API.Startup))]
namespace Custodesk.API
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            app.CreatePerOwinContext(() =>
                ApplicationDbContext.Create(RoleEnvironment.GetConfigurationSettingValue("SqlConnectionString")));
            app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
            GlobalConfiguration.Configuration.SuppressDefaultHostAuthentication();
            ConfigureOAuthTokenConsumption(app);
            GlobalConfiguration.Configure(config =>
            {
                //global filters
                config.Filters.Add(new AuthorizeAttribute());
                // Web API routes
                config.MapHttpAttributeRoutes();
                config.Routes.MapHttpRoute(
                    name: "DefaultApi",
                    routeTemplate: "{controller}/{action}/{id}",
                    defaults: new { …