How do you reject a Katana Bearer token's identity

How can I reject An identity? My class inherits from OAuthBearerAuthenticationProvider and I have an override of ValidateIdentity?

I have tried setting context.Rejected(); or context.SetError(); and throwing an exception but my controllers still get called. OAuthBearerAuthenticationHandler does call my class so I know I have the setup correct.

my current failing code

        public void ConfigureAuth ( IAppBuilder app )
        {
            // Enable the application to use a cookie to store information for the signed in user
            // and to use a cookie to temporarily store information about a user logging in with a third party login provider
            app.UseCookieAuthentication(new CookieAuthenticationOptions());
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

            // Enable the application to use bearer tokens to authenticate users
            app.UseOAuthBearerAuthentication ( new OAuthBearerAuthenticationOptions ()
            {
                Provider = new OAuthBearerAuthenticationProvider ()
                {
                    OnValidateIdentity = async ctx => { ctx.Rejected (); }
                }
            } );
            app.UseOAuthBearerTokens(OAuthOptions);
}

I couldn't repro the issue. Could you check your implementation of OnValidateIdentity is the same?

        OAuthBearerOptions = new OAuthBearerAuthenticationOptions()
        {
            Provider = new OAuthBearerAuthenticationProvider
            {
                OnValidateIdentity = async ctx =>
                    {
                        ctx.Rejected();
                    }
            }
        };

来源：https://stackoverflow.com/questions/19552991/how-do-you-reject-a-katana-bearer-tokens-identity

标签

asp.net-web-api

owin

katana

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!