gpt4 book ai didi

asp.net-web-api - Web API 2 OWIN Bearer token 身份验证 - AccessTokenFormat null?

转载 作者:行者123 更新时间:2023-12-03 13:26:59 26 4
gpt4 key购买 nike

我有一个现有的 ASP.NET MVC 5 项目,我正在向它添加一个 Web API 2 项目。我想使用不记名 token 认证,并按照孙宏烨的教程“OWIN Bearer Token Authentication with Web API Sample”和this question也是。

在我的 Login方法,用于行 Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket); , 访问 token 格式 一片空白。知道为什么吗?

我的 账户 Controller :

[RoutePrefix("api")]
public class AccountController : ApiController
{
public AccountController() {}

// POST api/login
[HttpPost]
[Route("login")]
public HttpResponseMessage Login(int id, string pwd)
{
if (id > 0) // testing - not authenticating right now
{
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, id.ToString()));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
var token = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
return new HttpResponseMessage(HttpStatusCode.OK)
{
Content = new ObjectContent<object>(new
{
UserName = id.ToString(),
AccessToken = token
}, Configuration.Formatters.JsonFormatter)
};
}

return new HttpResponseMessage(HttpStatusCode.BadRequest);
}

// POST api/token
[Route("token")]
[HttpPost]
public HttpResponseMessage Token(int id, string pwd)
{
// Never reaches here. Do I need this method?
return new HttpResponseMessage(HttpStatusCode.OK);
}
}

启动 类(class):

public class Startup
{
private static readonly ILog _log = log4net.LogManager.GetLogger(System.Reflection.MethodBase.GetCurrentMethod().DeclaringType);
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static Func<MyUserManager> UserManagerFactory { get; set; }
public static string PublicClientId { get; private set; }

static Startup()
{
PublicClientId = "MyWeb";

UserManagerFactory = () => new MyUserManager(new UserStore<MyIdentityUser>());

OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/api/token"),
Provider = new MyWebOAuthProvider(PublicClientId, UserManagerFactory),
AuthorizeEndpointPath = new PathString("/api/login"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = true
};
}

public void Configuration(IAppBuilder app)
{
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/api/login")
});

// Configure Web API to use only bearer token authentication.
var config = GlobalConfiguration.Configuration;
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthBearerOptions.AuthenticationType));

app.UseWebApi(config);
}
}

我的身份用户 只需添加一个额外的属性:

public class MyIdentityUser : IdentityUser
{
public int SecurityLevel { get; set; }
}

我的用户管理器 将我的自定义用户身份验证方法调用到内部服务器:

public class MyUserManager : UserManager<MyIdentityUser>
{
public MyUserManager(IUserStore<MyIdentityUser> store) : base(store) { }

public MyIdentityUser ValidateUser(int id, string pwd)
{
LoginIdentityUser user = null;

if (MyApplication.ValidateUser(id, pwd))
{
// user = ??? - not yet implemented
}

return user;
}
}

MyWebOAuthProvider (我从 SPA 模板中获取了这个。只有 GrantResourceOwnerCredentials 已更改):

public class MyWebOAuthProvider : OAuthAuthorizationServerProvider
{
private readonly string _publicClientId;
private readonly Func<MyUserManager> _userManagerFactory;

public MyWebOAuthProvider(string publicClientId, Func<MyUserManager> userManagerFactory)
{
if (publicClientId == null)
{
throw new ArgumentNullException("publicClientId");
}

if (userManagerFactory == null)
{
throw new ArgumentNullException("userManagerFactory");
}

_publicClientId = publicClientId;
_userManagerFactory = userManagerFactory;
}

public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (MyUserManager userManager = _userManagerFactory())
{
MyIdentityUser user = null;
var ctx = context as MyWebOAuthGrantResourceOwnerCredentialsContext;

if (ctx != null)
{
user = userManager.ValidateUser(ctx.Id, ctx.Pwd);
}

if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}

ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}

public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
... // unchanged from SPA template
}

public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
... // unchanged from SPA template
}

public override Task ValidateClientRedirectUri(OAuthValidateClientRedirectUriContext context)
{
... // unchanged from SPA template
}

public static AuthenticationProperties CreateProperties(string userName)
{
... // unchanged from SPA template
}
}

MyWebOAuthGrantResourceOwnerCredentialsContext :

public class MyWebOAuthGrantResourceOwnerCredentialsContext : OAuthGrantResourceOwnerCredentialsContext
{
public MyWebOAuthGrantResourceOwnerCredentialsContext (IOwinContext context, OAuthAuthorizationServerOptions options, string clientId, string userName, string password, IList<string> scope)
: base(context, options, clientId, userName, password, scope)
{ }

public int Id { get; set; }
public string Pwd { get; set; }
}

怎么样访问 token 格式 放?我设置的是否正确?我没有针对任何外部服务进行身份验证,只是对旧的内部服务器进行身份验证。
谢谢。

最佳答案

我遇到了同样的问题——这与我在 Startup() 中的初始化有关。

像您一样,我将 OAuthBearerOptions 存储在静态字段中:

OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

但是后来我错误地使用了同一类的新实例:
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());  // wrong!

显然,解决方法是改用静态字段:
app.UseOAuthBearerAuthentication(OAuthBearerOptions);

事实上,看起来你根本没有调用 UseOAuthBearerAuthentication() 。我关注了这个 excellent series of posts泰瑟尔·朱德 (Taiseer Joudeh)。

完整的 Startup.cs:

public class Startup
{
public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

public void Configuration(IAppBuilder app)
{
HttpConfiguration config = new HttpConfiguration();

ConfigureOAuth(app);

WebApiConfig.Register(config);
app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);
app.UseWebApi(config);
}

public void ConfigureOAuth(IAppBuilder app)
{
//use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseExternalSignInCookie(Microsoft.AspNet.Identity.DefaultAuthenticationTypes.ExternalCookie);
OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions() {

AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new SimpleAuthorizationServerProvider() // see post
};

// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(OAuthBearerOptions);

//[Configure External Logins...]
}
}

关于asp.net-web-api - Web API 2 OWIN Bearer token 身份验证 - AccessTokenFormat null?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19938947/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com