我有一个非常简单的"ASP.NET Core Web应用程序(.NET Framework)"应用程序,该应用程序应成为REST API,将托管在Azure上,用于网站&移动应用.
I have a pretty much boilerplate "ASP.NET Core Web Application (.NET Framework)" application, that should become a REST API, to be hosted on Azure, for use for a website & mobile app.
I want to equip it with token authentication through the headers, and I have chosen for the OpenIdConnect package.
我已经从此页面复制了代码段( https://github. com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server )添加到我的模板中,并添加了app.UseOAuthValidation()调用,因此代码如下所示:
I have copypasted the snippets from this page (https://github.com/aspnet-contrib/AspNet.Security.OpenIdConnect.Server) into my template, and added the app.UseOAuthValidation() call, so the code looks like this:
public void ConfigureServices(IServiceCollection services)
// Add framework services.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
app.UseOpenIdConnectServer(options =>
//..... Copy-paste from the OpenIdConnect page
OnValidateTokenRequest = context => { ... }
OnHandleTokenRequest = context => { ... }
I am able to get a token (POST to /connect/token).
如果我将[Authorize]添加到我的ValuesController中以获取GET并使用令牌设置Authorization标头,但我会继续获得401 Unauthorized.该代码甚至不会中断OnValidateTokenRequest或OnHandleTokenRequest方法.
If I add an [Authorize] to my ValuesController to GET and set the Authorization header with the token but I keep on getting a 401 Unauthorized. The code doesn't even break into the OnValidateTokenRequest or OnHandleTokenRequest methods.
让我简短地解释一下.您的REST API将不是OpenIDConnect服务器.它应该只对分配给它的令牌进行身份验证.
Let me explain shortly. Your REST API will not be the OpenIDConnect server. It should just authenticate a token given to it.
本文看起来不错: https://contos.io/protecting-a-net-core-api-with-azure-active-directory-59bbcd5b3429#.1w8djbaci 此示例使用Azure AD,但是由于您托管在Azure上,我认为这对您来说是个不错的选择.
This article looks pretty good: https://contos.io/protecting-a-net-core-api-with-azure-active-directory-59bbcd5b3429#.1w8djbaci This example uses Azure AD, but since you are hosting on Azure, I assume that would be a good option for you.
In short, you need something like this in your API:
app.UseJwtBearerAuthentication(new JwtBearerOptions
Authority = Configuration["Authentication:AzureAd:AADInstance"]
+ Configuration["Authentication:AzureAd:TenantId"],
Audience = Configuration["Authentication:AzureAD:ClientId"],
TokenValidationParameters =
new Microsoft.IdentityModel.Tokens.TokenValidationParameters
ValidIssuer =
Configuration ["Authentication:AzureAd:AADInstance"]
+ Configuration["Authentication:AzureAd:TenantId"] + "/v2.0" }
这篇关于带有OpenIdConnect的ASP.NET Core上针对移动应用程序和网站的经过身份验证的REST API的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!