拒绝令牌请求时自定义OWIN / OAuth HTTP状态代码

这就是我们覆盖OwinMiddleware的方式……首先我们在Owin之上创建了自己的中间件……我认为我们遇到了类似的问题。

首先需要创建一个常量：

 public class Constants { public const string OwinChallengeFlag = "X-Challenge"; } 

我们覆盖了OwinMiddleware

 public class AuthenticationMiddleware : OwinMiddleware { public AuthenticationMiddleware(OwinMiddleware next) : base(next) { } public override async Task Invoke(IOwinContext context) { await Next.Invoke(context); if (context.Response.StatusCode == 400 && context.Response.Headers.ContainsKey(Constants.OwinChallengeFlag)) { var headerValues = context.Response.Headers.GetValues(Constants.OwinChallengeFlag); context.Response.StatusCode = Convert.ToInt16(headerValues.FirstOrDefault()); context.Response.Headers.Remove(Constants.OwinChallengeFlag); } } } 

在startup.Auth文件中，我们允许调用Invoke Owin命令

 public void ConfigureAuth(IAppBuilder app) .... app.Use(); //Allows override of Invoke OWIN commands .... } 

在ApplicationOAuthProvider中，我们修改了GrantResourceOwnerCredentials。

 public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { using (UserManager userManager = _userManagerFactory()) { IdentityUser user = await userManager.FindAsync(context.UserName, context.Password); if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); context.Response.Headers.Add(Constants.OwinChallengeFlag, new[] { ((int)HttpStatusCode.Unauthorized).ToString() }); //Little trick to get this to throw 401, refer to AuthenticationMiddleware for more //return; } ....