- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
我正在为 Web api 实现 OAuth 2.0。最初,我想允许的唯一授权类型是资源所有者密码授权类型的“密码”。将来,我可能会扩展到其他股票授予类型,甚至构建自定义类型。为了实现,我在我的 Startup.cs 类中创建了以下代码。我没有指定授权端点,只是一个 token 端点。
public partial class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
}
public void ConfigureAuth(IAppBuilder app)
{
var myOAuthServerProvider = new MyOAuthServerProvider();
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
// mark true if you are not on https channel. This should never be true for Production.
AllowInsecureHttp = true,
//Enable a 60 minute expiration time.
AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(60),
// Allows the authorization server to alter the response coming out so it can report a 401.
AuthenticationMode = AuthenticationMode.Active,
// Provider needs to be the custom class that performs our authentication.
Provider = myOAuthServerProvider,
// This specifies the endpoint path where you can generate a token.
TokenEndpointPath = new PathString("/api/token"),
});
}
}
最佳答案
要只允许您想要的授权类型,从 OAuthAuthorizationServerProvider
继承就足够了。 .然后你需要重写两个方法:
client_id
username
和 password
当grant_type
设置为 password
Called when a request to the Token endpoint arrives with a "grant_type" of "password". This occurs when the user has provided name and password credentials directly into the client application's user interface, and the client application is using those to acquire an "access_token" and optional "refresh_token". If the web application supports the resource owner credentials grant type it must validate the context.Username and context.Password as appropriate. To issue an access token the context.Validated must be called with a new ticket containing the claims about the resource owner which should be associated with the access token. The application should take appropriate measures to ensure that the endpoint isn’t abused by malicious callers. The default behavior is to reject this grant type.
关于c# - 使用 OAuthAuthorizationServer 自定义允许的授权类型,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/32616069/
我正在为 Web api 实现 OAuth 2.0。最初,我想允许的唯一授权类型是资源所有者密码授权类型的“密码”。将来,我可能会扩展到其他股票授予类型,甚至构建自定义类型。为了实现,我在我的 Sta
我正在使用Asp.net MVC5 app和Web APi2,该API将在多个站点中使用,并且还将用于验证用户身份。 我已经在VS 2013中创建了MVC5和Web API项目,授权服务器的默认模板是
我需要为 OAuthAuthorizationServer 中的 token 生成生成自定义响应 默认的响应是这样的 { "access_token": "***access_token***",
我是一名优秀的程序员,十分优秀!