本文介绍了的ASP.NET Web API:如何通过使用URL参数的访问令牌(OAuth 2.0用户)?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

限时删除!!

你有什么想法,我如何使用,由默认的asp.net网页API 2 2的OAuth认证机制产生的access_token,在URL参数。目前,我能够通过发送授权请求成功授权头是这样的:

 接受:应用/ JSON
内容类型:应用程序/ JSON
授权:承载pADKsjwMv927u ...

我要的是能够通过这样的URL参数授权:

  HTTPS://www.domain.com/api/MyController的access_token = pADKsjwMv927u ...


解决方案

嘛 - 我同意的标题是一个更好的选择 - 但也有在需要查询字符串过程中的情况。该的OAuth2规范定义它。

不管怎么说 - 该功能内置于武士刀的OAuth2中间件:

http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

 公共类QueryStringOAuthBearerProvider:OAuthBearerAuthenticationProvider
{
    只读字符串_name;    公共QueryStringOAuthBearerProvider(字符串名称)
    {
        _name =名称;
    }    公众覆盖任务RequestToken(OAuthRequestTokenContext上下文)
    {
        VAR值= context.Request.Query.Get(_name);        如果(!string.IsNullOrEmpty(值))
        {
            context.Token =价值;
        }        返回Task.FromResult<对象>(NULL);
    }
}

和则:

  VAR选项=新JwtBearerAuthenticationOptions
{
    AllowedAudiences =新[] {}观众,
    IssuerSecurityTokenProviders =新[]
        {
            新SymmetricKeyIssuerSecurityTokenProvider(
                发行人,
                signingKey)
        },
    供应商=新QueryStringOAuthBearerProvider(的access_token)
};

Do you have any idea how I can use, an access_token generated by the default asp.net web api 2 OAuth 2 authorization mechanism, in the url parameters. Currently I am able to authorize successfully by sending a request with Authorization header like this:

Accept: application/json
Content-Type: application/json
Authorization: Bearer pADKsjwMv927u...

What I want is to enable the authorization through URL parameter like this:

https://www.domain.com/api/MyController?access_token=pADKsjwMv927u...
解决方案

Well - I agree that the header is a much better alternative - but there are of course situations where the query string is needed. The OAuth2 spec defines it as well.

Anyways - this feature is built into the Katana OAuth2 middleware:

http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    readonly string _name;

    public QueryStringOAuthBearerProvider(string name)
    {
        _name = name;
    }

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var value = context.Request.Query.Get(_name);

        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }

        return Task.FromResult<object>(null);
    }
}

And then:

var options = new JwtBearerAuthenticationOptions
{
    AllowedAudiences = new[] { audience },
    IssuerSecurityTokenProviders = new[]
        {
            new SymmetricKeyIssuerSecurityTokenProvider(
                issuer,
                signingKey)
        },
    Provider = new QueryStringOAuthBearerProvider("access_token")
};

这篇关于的ASP.NET Web API:如何通过使用URL参数的访问令牌(OAuth 2.0用户)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

1403页,肝出来的..

09-06 15:46