This article describes how to use Bearer/JWT authorization without ASP.NET Identity. It should be a useful reference for anyone facing the same problem, so follow along if you need it.

Problem description


I want to develop a Web API with ASP.NET 5, and after reading some documents about Web API I realize I need Bearer authorization.
After searching, I can't find any document or sample that uses authorization without AspNet.Identity. I have my own membership and I don't want to use Identity.
Should I use the Identity library? Or is there a way to implement authorization with my own membership?

A small side question:
If I'm forced to use Identity, how do I change EntityFramework to something like Dapper or ADO.NET for my DbContext?

Recommended answer

To issue your own JWT tokens, you can use OpenIddict. Since it's tied to ASP.NET Identity 3, you'll have to create your own IOpenIddictStore and register it in the DI system. @capesean wrote a cool blog post about OpenIddict, so don't miss it: http://capesean.co.za/blog/asp-net-5-jwt-tokens/

Alternatively, you can also use AspNet.Security.OpenIdConnect.Server (ASOS): it doesn't depend on ASP.NET Identity or Entity Framework, so you're totally free to implement your own authentication routine.

Here's how you can implement the standard resource owner password grant using ASOS beta4 (for ASP.NET 5 RC1):

project.json

{
  "dependencies": {
    "Microsoft.AspNet.Server.WebListener": "1.0.0-rc1-final",
    "Microsoft.AspNet.Mvc": "6.0.0-rc1-final",
    "Microsoft.AspNet.Authentication.JwtBearer": "1.0.0-rc1-final",
    "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta4"
  }
}

Startup.cs

// Using directives added for completeness (they are not in the original answer);
// the namespaces are those shipped by the rc1-final / beta4 packages listed above.
using System.Security.Claims;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNet.Authentication;
using Microsoft.AspNet.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        services.AddAuthentication();
        services.AddCaching();
    }

    public void Configure(IApplicationBuilder app) {
        // Add a new middleware validating access tokens issued by the server.
        app.UseJwtBearerAuthentication(options => {
            options.AutomaticAuthentication = true;
            options.Audience = "resource_server_1";
            options.Authority = "http://localhost:50000/";
            // Only acceptable for local development: metadata is fetched over plain HTTP.
            options.RequireHttpsMetadata = false;
        });

        // Add a new middleware issuing tokens.
        app.UseOpenIdConnectServer(options => {
            // Only acceptable for local development: tokens travel over plain HTTP.
            options.AllowInsecureHttp = true;

            options.Provider = new OpenIdConnectServerProvider {
                OnValidateClientAuthentication = context => {
                    // Since there's only one application and it's a public client
                    // (i.e. a client that cannot keep its credentials private),
                    // call Skipped() to inform the server the request should be
                    // accepted without enforcing client authentication.
                    context.Skipped();

                    return Task.FromResult(0);
                },

                OnGrantResourceOwnerCredentials = context => {
                    // Validate the credentials here: you can call Rejected()
                    // with an error code/description to reject
                    // the request and return a message to the caller.

                    // Adding brute-force attack countermeasures
                    // is strongly recommended to respect the OAuth2 spec.

                    var identity = new ClaimsIdentity("Bearer");
                    identity.AddClaim(ClaimTypes.NameIdentifier, "todo");

                    // By default, claims are not serialized in the access and
                    // identity tokens. Use the overload taking a "destination"
                    // to make sure your claims are correctly inserted
                    // in the appropriate tokens.
                    identity.AddClaim("urn:customclaim", "value", "token id_token");

                    var ticket = new AuthenticationTicket(
                        new ClaimsPrincipal(identity),
                        new AuthenticationProperties(),
                        context.Options.AuthenticationScheme);

                    // Call SetResources with the list of resource servers
                    // the access token should be issued for.
                    ticket.SetResources(new[] { "resource_server_1" });

                    // Call SetScopes with the list of scopes you want to grant
                    // (specify offline_access to issue a refresh token).
                    ticket.SetScopes(new[] { "profile", "offline_access" });

                    context.Validated(ticket);

                    return Task.FromResult<object>(null);
                }
            };
        });
    }
}

Request

POST http://localhost:50000/connect/token HTTP/1.1
User-Agent: Fiddler
Host: localhost:50000
Content-Length: 61
Content-Type: application/x-www-form-urlencoded

grant_type=password&username=my_username&password=my_password

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 1687
Content-Type: application/json;charset=UTF-8
Expires: -1
X-Powered-By: ASP.NET
Date: Tue, 16 Jun 2015 01:24:42 GMT

{
  "access_token" : "eyJ0eXAiOi ... 5UVACg",
  "expires_in" : "3599",
  "token_type" : "bearer"
}
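The answer leaves credential validation as a "todo" and only notes that brute-force countermeasures are strongly recommended. The following is an added example (not part of the original answer or of ASOS) of what the OnGrantResourceOwnerCredentials callback can look like when it checks the password against your own membership tables and applies a per-user lockout. IMembershipStore and MembershipRecord are hypothetical, and context.UserName / context.Password are assumed to be the beta4 property names for the posted form fields.

```csharp
using System.Collections.Concurrent;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Threading.Tasks;
using AspNet.Security.OpenIdConnect.Extensions;
using AspNet.Security.OpenIdConnect.Server;
using Microsoft.AspNet.Authentication;
// Hypothetical membership store backed by your own tables (no ASP.NET Identity).
public sealed class MembershipRecord { public string Id; public byte[] Salt; public byte[] Hash; }
public interface IMembershipStore { Task<MembershipRecord> FindAsync(string username); }
public sealed class MembershipGrantHandler {
    private const int Iterations = 10000, MaxFailures = 5;
    private readonly IMembershipStore _store;
    // Per-user failure counter: the brute-force countermeasure the original comment asks for
    // (in-memory for illustration; use a shared store when running on several nodes).
    private readonly ConcurrentDictionary<string, int> _failures = new ConcurrentDictionary<string, int>();
    public MembershipGrantHandler(IMembershipStore store) { _store = store; }
    public async Task GrantAsync(GrantResourceOwnerCredentialsContext context) {
        var username = context.UserName ?? "";   // property names assumed for ASOS beta4
        var password = context.Password ?? "";
        int failed;
        if (_failures.TryGetValue(username, out failed) && failed >= MaxFailures) {
            context.Rejected("invalid_grant", "Too many failed attempts; try again later.");
            return;
        }
        var record = await _store.FindAsync(username);
        // Run the KDF even for unknown users so response time does not reveal whether the name exists.
        var salt = record != null ? record.Salt : new byte[16];
        byte[] computed;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations)) computed = kdf.GetBytes(32);
        if (record == null || !FixedTimeEquals(computed, record.Hash)) {
            _failures.AddOrUpdate(username, 1, (k, n) => n + 1);
            context.Rejected("invalid_grant", "Invalid user name or password.");
            return;
        }
        _failures.TryRemove(username, out failed);
        var identity = new ClaimsIdentity("Bearer");
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, record.Id));
        var ticket = new AuthenticationTicket(new ClaimsPrincipal(identity),
            new AuthenticationProperties(), context.Options.AuthenticationScheme);
        ticket.SetResources(new[] { "resource_server_1" });
        ticket.SetScopes(new[] { "profile" });
        context.Validated(ticket);
    }
    // Constant-time comparison: timing must not reveal how many leading bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b) {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0; for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In Startup, replace the inline lambda with `OnGrantResourceOwnerCredentials = handler.GrantAsync`, where `handler` is a MembershipGrantHandler built around your store; the stored Salt/Hash must have been produced with the same PBKDF2 parameters (Iterations, 32-byte output).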

That concludes this article on using Bearer/JWT authorization without Identity. We hope the recommended answer helps, and thank you for your continued support!


09-06 15:42