Question

I want to develop a Web API with Asp 5 and, reading some documents about Web API, realized I need Bearer authorization.

After searching I can't find any document or sample that uses authorization without Aspnet.Identity. I have my own membership and I don't want to use Identity.

Should I use the Identity library? Or is there a way to implement authorization with my own membership?

A small side question: if I'm forced to use Identity, how can I change EntityFramework to something like Dapper or ADO.NET for my DbContext?
Recommended answer

To issue your own JWT tokens, you can use OpenIddict. Since it's tied to ASP.NET Identity 3, you'll have to create your own IOpenIddictStore and register it in the DI system. @capesean wrote a cool blog post about OpenIddict, so don't miss it: http://capesean.co.za/blog/asp-net-5-jwt-tokens/

Alternatively, you can also use AspNet.Security.OpenIdConnect.Server (ASOS): it doesn't depend on ASP.NET Identity or Entity Framework, so you're totally free to implement your own authentication routine.

Here's how you can implement the standard resource owner password grant using ASOS beta4 (for ASP.NET 5 RC1):

project.json
    {
      "dependencies": {
        "Microsoft.AspNet.Server.WebListener": "1.0.0-rc1-final",
        "Microsoft.AspNet.Mvc": "6.0.0-rc1-final",
        "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
        "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta4"
      }
    }
Startup.cs

    // Namespaces needed for the RC1 / ASOS beta4 packages listed in project.json.
    using System.Security.Claims;
    using System.Threading.Tasks;
    using AspNet.Security.OpenIdConnect.Extensions;
    using AspNet.Security.OpenIdConnect.Server;
    using Microsoft.AspNet.Authentication;
    using Microsoft.AspNet.Builder;
    using Microsoft.AspNet.Http.Authentication;
    using Microsoft.Extensions.DependencyInjection;

    public class Startup {
        public void ConfigureServices(IServiceCollection services) {
            services.AddAuthentication();
            services.AddCaching();
        }

        public void Configure(IApplicationBuilder app) {
            // Add a new middleware validating access tokens issued by the server.
            app.UseJwtBearerAuthentication(options => {
                options.AutomaticAuthentication = true;
                options.Audience = "resource_server_1";
                options.Authority = "http://localhost:50000/";
                options.RequireHttpsMetadata = false;
            });

            // Add a new middleware issuing tokens.
            app.UseOpenIdConnectServer(options => {
                options.AllowInsecureHttp = true;

                options.Provider = new OpenIdConnectServerProvider {
                    OnValidateClientAuthentication = context => {
                        // Since there's only one application and it's a public client
                        // (i.e a client that cannot keep its credentials private),
                        // call Skipped() to inform the server the request should be
                        // accepted without enforcing client authentication.
                        context.Skipped();
                        return Task.FromResult(0);
                    },

                    OnGrantResourceOwnerCredentials = context => {
                        // Validate the credentials here: you can call Rejected()
                        // with an error code/description to reject
                        // the request and return a message to the caller.
                        // Adding brute-force attacks countermeasures
                        // is strongly recommended to respect the OAuth2 spec.
                        var identity = new ClaimsIdentity("Bearer");
                        identity.AddClaim(ClaimTypes.NameIdentifier, "todo");

                        // By default, claims are not serialized in the access and
                        // identity tokens. Use the overload taking a "destination"
                        // to make sure your claims are correctly inserted
                        // in the appropriate tokens.
                        identity.AddClaim("urn:customclaim", "value", "token id_token");

                        var ticket = new AuthenticationTicket(
                            new ClaimsPrincipal(identity),
                            new AuthenticationProperties(),
                            context.Options.AuthenticationScheme);

                        // Call SetResources with the list of resource servers
                        // the access token should be issued for.
                        ticket.SetResources(new[] { "resource_server_1" });

                        // Call SetScopes with the list of scopes you want to grant
                        // (specify offline_access to issue a refresh token).
                        ticket.SetScopes(new[] { "profile", "offline_access" });

                        context.Validated(ticket);
                        return Task.FromResult<object>(null);
                    }
                };
            });
        }
    }
Request

    POST http://localhost:50000/connect/token HTTP/1.1
    User-Agent: Fiddler
    Host: localhost:50000
    Content-Length: 61
    Content-Type: application/x-www-form-urlencoded

    grant_type=password&username=my_username&password=my_password
Response

    HTTP/1.1 200 OK
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Length: 1687
    Content-Type: application/json;charset=UTF-8
    Expires: -1
    X-Powered-By: ASP.NET
    Date: Tue, 16 Jun 2015 01:24:42 GMT

    {
      "access_token" : "eyJ0eXAiOi ... 5UVACg",
      "expires_in" : "3599",
      "token_type" : "bearer"
    }
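The answer's OnGrantResourceOwnerCredentials callback leaves the actual credential check as a "todo" and only recommends brute-force countermeasures. The following is an added example, not code from the answer or from the ASOS project, of what that callback could look like when it validates against the asker's own membership table. `MembershipUser`, `IMembershipService`, `PasswordHasher` and `MembershipGrantHandler` are hypothetical names invented here; the `GrantResourceOwnerCredentialsContext` type and its `UserName` / `Password` properties are assumed to match the ASOS beta4 API used on the page, and the PBKDF2 parameters are illustrative.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;   // AddClaim(destination), SetResources, SetScopes
using AspNet.Security.OpenIdConnect.Server;       // GrantResourceOwnerCredentialsContext (assumed name)
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Http.Authentication;

// Hypothetical row from your own membership table (replace with your schema).
public class MembershipUser {
    public string Id { get; set; }
    public string UserName { get; set; }
    public byte[] Salt { get; set; }          // per-user random salt
    public byte[] PasswordHash { get; set; }  // PBKDF2 output, never the plain password
    public string[] Roles { get; set; }
}

// Hypothetical lookup service over your membership store (Dapper, ADO.NET, anything).
public interface IMembershipService {
    Task<MembershipUser> FindByUserNameAsync(string userName);
}

public static class PasswordHasher {
    private const int Iterations = 100000; // illustrative work factor
    private const int HashSize = 32;

    public static byte[] Hash(string password, byte[] salt) {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations)) {
            return kdf.GetBytes(HashSize);
        }
    }

    // Constant-time comparison: the loop never exits early, so timing does not
    // reveal how many leading bytes of the hash matched.
    public static bool Verify(string password, byte[] salt, byte[] expected) {
        var actual = Hash(password, salt);
        if (actual.Length != expected.Length) return false;
        int diff = 0;
        for (int i = 0; i < actual.Length; i++) diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
}

public class MembershipGrantHandler {
    private readonly IMembershipService _membership;
    // In-process failed-attempt counter per user name: a minimal lockout so the
    // password grant cannot be used for unlimited guessing. Use a shared store
    // (cache/DB) when you run more than one server instance.
    private readonly ConcurrentDictionary<string, int> _failures = new ConcurrentDictionary<string, int>();
    private const int MaxFailures = 5;

    public MembershipGrantHandler(IMembershipService membership) { _membership = membership; }

    // Wire it up in Startup.Configure:
    //   OnGrantResourceOwnerCredentials = context => handler.HandleAsync(context)
    public async Task HandleAsync(GrantResourceOwnerCredentialsContext context) {
        var userName = context.UserName ?? string.Empty;

        int failures;
        if (_failures.TryGetValue(userName, out failures) && failures >= MaxFailures) {
            context.Rejected("invalid_grant", "Too many failed attempts, try again later.");
            return;
        }

        var user = await _membership.FindByUserNameAsync(userName);
        bool ok = false;
        if (user != null) {
            ok = PasswordHasher.Verify(context.Password ?? string.Empty, user.Salt, user.PasswordHash);
        } else {
            // Unknown user: still run the KDF so the response time does not
            // reveal which user names exist.
            PasswordHasher.Hash(context.Password ?? string.Empty, new byte[16]);
        }

        if (!ok) {
            _failures.AddOrUpdate(userName, 1, (_, n) => n + 1);
            // Same generic message for "no such user" and "wrong password".
            context.Rejected("invalid_grant", "Invalid user name or password.");
            return;
        }
        _failures.TryRemove(userName, out failures);

        // Build the principal from the membership row; the third argument is the
        // ASOS "destination" that controls which tokens carry the claim.
        var identity = new ClaimsIdentity("Bearer");
        identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "token id_token");
        identity.AddClaim(ClaimTypes.Name, user.UserName, "token id_token");
        foreach (var role in user.Roles ?? new string[0]) {
            identity.AddClaim(ClaimTypes.Role, role, "token"); // roles only in the access token
        }

        var ticket = new AuthenticationTicket(
            new ClaimsPrincipal(identity),
            new AuthenticationProperties(),
            context.Options.AuthenticationScheme);
        ticket.SetResources(new[] { "resource_server_1" });
        ticket.SetScopes(new[] { "profile", "offline_access" });
        context.Validated(ticket);
    }
}
```

Register `MembershipGrantHandler` (and your `IMembershipService` implementation) in `ConfigureServices` and resolve it once when building the `OpenIdConnectServerProvider`, so the failure counter is shared across requests instead of being recreated per call.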