授权角色WebAPI oauth owin

您必须添加GrantResourceOwnerCredentials方法：

 identity.AddClaim(new Claim(ClaimTypes.Role, "admins")); 

---

一步步

在StartUp.cs类中，您应该有一个自定义提供程序，如行

 Provider = new CustomAuthorizationServerProvider() 

例如：

 public void ConfigureOAuth(IAppBuilder app) { OAuthAuthorizationServerOptions oAuthServerOptions = new OAuthAuthorizationServerOptions { AllowInsecureHttp = true, TokenEndpointPath = new PathString("/token"), AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30), Provider = new CustomAuthorizationServerProvider() }; // Token Generation app.UseOAuthAuthorizationServer(oAuthServerOptions); app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); } 

然后，inheritance自OAuthAuthorizationServerProvider类的CustomAuthorizationServerProvider将覆盖GrantResourceOwnerCredentials（OAuthGrantResourceOwnerCredentialsContext上下文） 。

然后，在检查用户具有正确的用户名和密码后，您必须添加

 var identity = new ClaimsIdentity(context.Options.AuthenticationType); ... // other claims ... identity.AddClaim(new Claim(ClaimTypes.Role, "admins")); ... var ticket = new AuthenticationTicket(identity, properties); context.Validated(ticket); 

编辑

您可以从DB获取用户角色，而不是使用“admins”编码字符串执行：

 var roles = await userManager.GetRolesAsync(userId); 

因此，您可以在存储库中添加以下方法：

 public async Task> UserRoles(string userId) { IList roles = await userManager.GetRolesAsync(userId); return roles; } 

然后从覆盖的GrantResourceOwnerCredentials中调用它，添加：

 using (AuthRepository repository = new AuthRepository()) { IdentityUser user = await repository.FindUser(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect"); return; } var roles = repository.UserRoles(user.Id); }