ASP.NET Web Api: How to pass an access token (OAuth 2.0) using a URL parameter?

myn*_*kow 23 asp.net oauth-2.0 asp.net-web-api owin

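Do you know how to use, in a URL parameter, the access_token generated by the default ASP.NET Web API 2 OAuth 2 authorization mechanism? Currently, I can authorize successfully by sending a request with an Authorization header, like this: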

Accept: application/json
Content-Type: application/json
Authorization: Bearer pADKsjwMv927u...

What I want is to enable authorization through a URL parameter, like this:

https://www.domain.com/api/MyController?access_token=pADKsjwMv927u...

lea*_*ege 23

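Well - I agree that the header is a better option - but of course there are situations where the query string is needed. The OAuth2 spec defines it as well.

Anyway - this feature is built into the Katana OAuth2 middleware: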

http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

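using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    // Name of the query-string parameter that carries the token
    readonly string _name;

    public QueryStringOAuthBearerProvider(string name)
    {
        _name = name;
    }

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        // Look for the token in the query string
        var value = context.Request.Query.Get(_name);

        if (!string.IsNullOrEmpty(value))
        {
            // Hand the token to the bearer middleware for validation
            context.Token = value;
        }

        return Task.FromResult<object>(null);
    }
}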

And then:

var options = new JwtBearerAuthenticationOptions
{
    AllowedAudiences = new[] { audience },
    IssuerSecurityTokenProviders = new[]
        {
            new SymmetricKeyIssuerSecurityTokenProvider(
                issuer,
                signingKey)
        },
    Provider = new QueryStringOAuthBearerProvider("access_token")
};
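A more restrictive variant of the provider in the answer above, as an added example that is not part of the original answer or of Katana. Because a token in a URL is recorded in server logs, browser history and Referer headers, it accepts the query-string token only over HTTPS, only on listed path prefixes, and only when no Authorization header was sent. The class name `ScopedQueryStringBearerProvider` and the prefix allow-list are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;

// Added example (hypothetical class): query-string tokens only where explicitly allowed.
public class ScopedQueryStringBearerProvider : OAuthBearerAuthenticationProvider
{
    readonly string _name;
    readonly PathString[] _allowedPrefixes; // hypothetical allow-list, e.g. "/api/download"

    public ScopedQueryStringBearerProvider(string name, params string[] allowedPrefixes)
    {
        _name = name;
        // PathString requires each prefix to start with '/'
        _allowedPrefixes = Array.ConvertAll(allowedPrefixes, p => new PathString(p));
    }

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var fromQuery = context.Request.Query.Get(_name);
        if (string.IsNullOrEmpty(fromQuery))
        {
            // No query-string token: keep whatever the header supplied
            return Task.FromResult<object>(null);
        }

        // The bearer middleware has already placed any "Authorization: Bearer"
        // value in context.Token before calling this method.
        bool headerPresent = !string.IsNullOrEmpty(context.Token);
        bool pathAllowed = Array.Exists(_allowedPrefixes,
            p => context.Request.Path.StartsWithSegments(p));

        if (headerPresent || !pathAllowed || !context.Request.IsSecure)
        {
            // RFC 6750 section 2: a client must not send the token by more than
            // one method. Clearing the token leaves the request unauthenticated.
            context.Token = null;
        }
        else
        {
            context.Token = fromQuery;
        }

        return Task.FromResult<object>(null);
    }
}
```

It plugs into the same `Provider` option, for example `new ScopedQueryStringBearerProvider("access_token", "/api/download")`, where the path is a constructed sample value.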


myn*_*kow 11

So, go to Global.asax and add this method:

        void Application_BeginRequest(object sender, EventArgs e)
        {
            if (ReferenceEquals(null, HttpContext.Current.Request.Headers["Authorization"]))
            {
                var token = HttpContext.Current.Request.Params["access_token"];
                if (!String.IsNullOrEmpty(token))
                {
                    HttpContext.Current.Request.Headers.Add("Authorization", "Bearer " + token);
                }
            }
        }

Update: See @leastprivilege's answer. A better solution.

