问题描述
在Azure移动应用程序的最新更新中,最终添加了对自定义身份验证的支持,请参阅: https://azure.microsoft.com/zh-CN/blog/azure-mobile-apps-november-2015-update .
In the latest update of Azure Mobile Apps, support for custom authentication was finally added, ref: https://azure.microsoft.com/en-us/blog/azure-mobile-apps-november-2015-update.
其中包括用于发行JWT令牌的代码段,但是我的问题是我将如何在我的应用程序中使用此代码来验证请求?
They have included a snippet for issuing a JWT-token, but my question is how would I use this in my app for authenticating requests?
我想我需要在WebApiConfig中添加一个自定义令牌处理程序,但是我找不到关于该主题的任何文档.
I guess I need to add a custom token handler in my WebApiConfig, but I can't find any docs on the subject.
推荐答案
我最终自己弄清楚了这一点.
I eventually figured this out myself.
如果有人想知道,这实际上有效".我查看了源代码,唯一要做的验证是基于JWT令牌加密密钥,"Audience"设置和"Issuer"设置.您只需将[Authorize]属性添加到控制器或方法中,然后管道将处理其余部分.
If anyone is wondering, this actually "just works". I looked into the source code and the only validation being done is based on the JWT-token encryption key, the "Audience"-setting and the "Issuer"-setting. You can just add the [Authorize] attribute to the controller or method and the pipeline takes care of the rest.
如果需要自定义声明,可以将它们添加到MobileAppLoginHandler.CreateToken调用中,并从User对象中提取.我在IPrincipal上创建了自己的扩展方法,以使用与内置提供程序相同的方式来获取具有所需属性的自定义对象.
If custom claims are needed, they can be added to the MobileAppLoginHandler.CreateToken call and extracted from the User-object. I made my own extension method on IPrincipal to get a custom object with the properties I needed in the same manner as the built-in providers.
这篇关于如何在Azure移动应用中实现自定义身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!