asp.net - 无法在 Azure ASP.NET 后端对 MobileServiceClient 进行身份验证
问题描述
我有基于 Visual Studio 2019 模板的 ASP.NET Web 应用程序 (.NET Framework),并带有个人用户帐户的自定义身份验证。
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context and user manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
PublicClientId = "self";
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(10),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = false
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
}
它适用于邮递员。我能够获得标记为 [Authorize] 的令牌和访问控制器
我正在为用于离线同步的 MobileServiceClient 身份验证而苦苦挣扎。客户端是这样初始化的:
client = new MobileServiceClient(App.BackendUrl, new NativeMessageHandler());
public async Task LoginAsync(string username, string password)
{
try
{
var token = await GetAuthenticationToken(username, password);
MobileServiceUser user = new MobileServiceUser(token.userName);
user.MobileServiceAuthenticationToken = token.Access_Token;
client.CurrentUser = user;
}
catch (InvalidGrantException)
{
throw;
}
catch (MobileServiceInvalidOperationException ex)
{
throw;
}
catch (Exception ex)
{
Crashes.TrackError(ex);
Debug.WriteLine(ex);
throw;
}
}
private async Task<AuthenticationToken> GetAuthenticationToken(string username, string password)
{
var keyValues = new List<KeyValuePair<string, string>>
{
new KeyValuePair<string, string>("username", username),
new KeyValuePair<string, string>("password", password),
new KeyValuePair<string, string>("grant_type", "password")
};
HttpContent httpContent = new FormUrlEncodedContent(keyValues);
httpContent.Headers.ContentType = new MediaTypeHeaderValue("application/x-www-form-urlencoded");
try
{
var response = await client.InvokeApiAsync("/token",
httpContent,
HttpMethod.Post,
null,
null);
return JsonConvert.DeserializeObject<AuthenticationToken>(await response.Content.ReadAsStringAsync());
}
catch (MobileServiceInvalidOperationException exception)
{
if (string.Equals(exception.Message, "invalid_grant"))
throw new InvalidGrantException("invalid credentials", exception);
else
throw;
}
}
这里有一些测试代码:
public async Task InitializeAsync()
{
if (client?.SyncContext?.IsInitialized ?? false)
return;
// Create a reference to the local sqlite store
const string path = "syncstore.db";
var store = new MobileServiceSQLiteStore(path);
// Define the database schema
store.DefineTable<Brand>(); brandTable = new AzureCloudTable<Brand>(client, null);
// Actually create the store and update the schema
try
{
await client.SyncContext.InitializeAsync(store);
}
catch (Exception ex)
{
Crashes.TrackError(ex);
Debug.WriteLine(ex);
}
}
async Task Test(string username, string password)
{
await LoginAsync("Simulator8", " ");
await InitializeAsync();
//Test pull
try
{
await brandTable.PullAsync();
}
catch (Exception ex)
{
}
}
测试抛出异常:
+ ex {Microsoft.WindowsAzure.MobileServices.MobileServiceInvalidOperationException:请求无法完成。(未经授权)在 Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient.ThrowInvalidResponse(System.Net.Http.HttpRequestMessage 请求,System.Net.Http.HttpResponseMessage 响应)[0x001d2] 在:0 在 Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient.SendRequestAsync(系统.Net.Http.HttpClient 客户端,System.Net.Http.HttpRequestMessage 请求,System.Boolean ensureResponseContent,System.Threading.CancellationToken cancelToken) [0x00121] 在 Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient.RequestAsync (System.Boolean UseHandlers) 处:0 , System.Net.Http.HttpMethod 方法, System.String uriPathAndQuery, Microsoft.WindowsAzure.MobileServices.MobileServiceUser 用户, System.
2[TKey,TValue] requestHeaders, System.Threading.CancellationToken cancellationToken) [0x000f0] in <d385e67aff524dc7bd2d27425b9e81ae>:0 at Microsoft.WindowsAzure.MobileServices.MobileServiceTable.ReadAsync (System.String uriString, Microsoft.WindowsAzure.MobileServices.MobileServiceFeatures features) [0x0009c] in <d385e67aff524dc7bd2d27425b9e81ae>:0 at Microsoft.WindowsAzure.MobileServices.MobileServiceTable.ReadAsync (System.String query, System.Collections.Generic.IDictionary2[TKey,TValue] 参数,Microsoft.WindowsAzure.MobileServices.MobileServiceFeatures 功能)[0x00136] 在 Microsoft.WindowsAzure.MobileServices.Sync.PullAction.ProcessTableAsync () [0x00134] 在 :0 在 Microsoft.WindowsAzure.MobileServices。 Sync.TableAction.ExecuteAsync () [0x00251] 在 Microsoft.WindowsAzure.MobileServices.Sync.MobileServiceSyncContext.ExecuteSyncAction 的 0 中(Microsoft.WindowsAzure.MobileServices.Sync.SyncAction 操作)[0x00090] 在 Microsoft.WindowsAzure.MobileServices 的 0 中。 Sync.MobileServiceSyncContext.PullAsync(System.String tableName,Microsoft.WindowsAzure.MobileServices.Sync.MobileServiceTableKind tableKind,System.String queryId,System.String 查询,Microsoft.WindowsAzure.MobileServices.MobileServiceRemoteTableOptions 选项,System.Collections.Generic.IDictionary2[TKey,TValue] parameters, System.Collections.Generic.IEnumerable1[T] 相关表,Microsoft.WindowsAzure.MobileServices.MobileServiceObjectReader 阅读器,System.Threading.CancellationToken cancelToken,Microsoft.WindowsAzure.MobileServices.Sync.PullOptions pullOptions) [0x00361] 在:0
- 如果我尝试在邮递员的 token.Access_Token 中收到的令牌,它可以工作
- 如果我尝试在没有 [Authorize] 的情况下与控制器同步,它会起作用。
- 这是来自 Azure 日志流的消息:
*2020-04-15 18:20:10 xxxBACKENDxxx POST /token X-ARR-LOG-ID=c0abefa4-8754-47e2-966d-add7716e6a95 443 - 000.000.000 ZUMO/4.1+(lang=Managed;+os=iOS ;+os_version=13.3;+arch=MacOSX;+version=4.1.2.0) - - xxxBACKENDxxx.azurewebsites.net 200 0 0 1825 1377 6312
2020-04-15 18:20:10 xxxBACKENDxxx GET /tables/Brand $filter=(updatedAt%20ge%20datetimeoffset'2020-04-06T21%3A05%3A17.7200000%2B00%3A00')&$orderby=updatedAt&$skip =0&$top=50&__includeDeleted=true&X-ARR-LOG-ID=287a5464-caad-43be-a3c5-25245e0f9f49 443 Simulator8 000.000.000 ZUMO/4.1+(lang=Managed;+os=iOS;+os_version=13.3;+arch =MacOSX;+版本=4.1.2.0) ARRAffinity=62f587f816224cc3b867889be38db42f5322e4bdb4b71703dac6a261166d1545;+.AspNet。Cookies=rpLpkcIS9jfvK1FyWL6q-2_5ImjYFR9yB1ZiIPd4iiTxHAGL5A0CFu4qihtFZmu-GKKQzVQ5hoxReQGQVpS7w2a0jnjvvFL4dpe_wS9_7nfTxMTBuDXiKDHGZBakbd28UR1CWvyq7iFDUI8AkKj1zrM2uYz93kpg1WMQCSx-Z3tREike74S3LqUOCnRuPjil-wMqOzDDDTJKL9JLQZ750MbQbT_-DLmj31qMa55emfGgUcSEM7I5ksMD2IIMvEeAEqwsp-XKyhp17utOTy5OepSqO8lxrGLng96GY-shVFBP4gDt7YP2bNS3RCtXkCWSOve4g7ckWDud8SAOk1KRpkj4k-B9ZogpAqc9Zuz0idTBruY3HZ3sTHCw__atnd8DQVwNQtEu8kX1Cz2WFbkO35GHOULA7TvKyGiJu-LOpf2-SZPoNl12lqH0jdvT1kI32WF2RDKbQ2W9eyWzURHOsUvekcg5EJOZUDEehXYfbo0 - xxxBACKENDxxx.azurewebsites.net 401 0 0 543 2837 46*
用户名正确。但是,如果我不从 LoginAsync 调用 GetAuthenticationToken 并将令牌手动传递给 user.MobileServiceAuthenticationToken 那么结果是:
//var token = await GetAuthenticationToken(username, password);
MobileServiceUser user = new MobileServiceUser(username);
user.MobileServiceAuthenticationToken = "bearer _F-Bd8_74ZGV2gmKN4dkjPIRgZh7keYa-nIKpbjvSlfBV9wP2Reu9Z9Spy1eqK47LRdnXxKlMsZ5...
client.CurrentUser = user;
2020-04-15 18:15:34 xxxBACKENDxxx GET /tables/Brand $filter=(updatedAt%20ge%20datetimeoffset'2020-04-06T21%3A05%3A17.7200000%2B00%3A00')&$orderby=updatedAt&$skip =0&$top=50&__includeDeleted=true&X-ARR-LOG-ID=c3bcf13e-b270-4d58-897f-58cfb9727e56 443 - 000.000.000。ZUMO/4.1+(lang=Managed;+os=iOS;+os_version=13.3;+arch=MacOSX;+version=4.1.2.0) - - xxxBACKENDxxx.azurewebsites.net 401 0 0 543 2249 4625
因此,设置用户似乎没有任何效果。
为什么我无法验证我的 MobileServiceClient 的任何想法?
解决方案
有必要在标题“授权”中发送一个令牌。我创建了一个用于 HttpMessageHandler 的类
public class AuthHandler : DelegatingHandler
{
public IMobileServiceClient Client { get; set; }
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (Client.CurrentUser != null)
request.Headers.Add("Authorization", "bearer " + Client.CurrentUser.MobileServiceAuthenticationToken);
return base.SendAsync(request, cancellationToken);
}
}
我用它来初始化客户端
var handlers = new AuthHandler();
client = new MobileServiceClient(App.BackendUrl, handlers);
handlers.Client = client;
推荐阅读
- java - 将表单字段添加到 pdfBox 中的旋转页面
- kotlin - R3 Corda - java.lang.IllegalArgumentException:CollectSignaturesFlow 的发起者必须签署交易
- c# - 如何将 .Net 核心选项模式与包含句点的环境变量一起使用?
- emulation - 如何将 QEMU 模拟机器中的 GPIO 连接到主机中的对象?
- angular - 如果返回类型取决于参数,为什么/如何使参数成为可选?
- python - 在 Python 中解析 opencv updateMotionHistory 的输出
- salesforce - 使用时刻 js 验证不存在的日期
- c - 更改指针的地址
- html - 仅在 iPhone x 上拉伸的图像
- c++ - 如何在成员初始化器列表之外初始化类成员