Mar*_*und 9 c# oauth-2.0 asp.net-web-api owin bearer-token
在我的Web Api 2.2基于OWIN的应用程序中,我有一种情况,我手动需要解码承载令牌,但我不知道如何做到这一点.这是我的startup.cs
public class Startup
{
public static OAuthAuthorizationServerOptions OAuthServerOptions { get; private set; }
public static UnityContainer IoC;
public void Configuration(IAppBuilder app)
{
//Set Auth configuration
ConfigureOAuth(app);
....and other stuff
}
public void ConfigureOAuth(IAppBuilder app)
{
OAuthServerOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
Provider = new AuthProvider(IoC.Resolve<IUserService>(), IoC.Resolve<IAppSettings>())
};
// Token Generation
app.UseOAuthAuthorizationServer(OAuthServerOptions);
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
}
}
在我的控制器中,我发送了承载令牌作为参数
[RoutePrefix("api/EP")]
public class EPController : MasterController
{
[HttpGet]
[AllowAnonymous]
[Route("DC")]
public async Task<HttpResponseMessage> GetDC(string token)
{
//Get the claim identity from the token here
//Startup.OAuthServerOptions...
//..and other stuff
}
}
如何手动解码并从作为参数传递的令牌中获取声明?
注意:我知道我可以在标题中发送令牌并使用[Authorize]和(ClaimsIdentity)User.Identity等,但问题是如何在标题中没有显示令牌时如何读取令牌.
Osa*_*a E 13
只是将此放在此处可供将来访问的其他人使用.在https://long2know.com/2015/05/decrypting-owin-authentication-ticket/上找到的解决方案更简单.
只需2行:
var secureDataFormat = new TicketDataFormat(new MachineKeyProtector());
AuthenticationTicket ticket = secureDataFormat.Unprotect(accessToken);
private class MachineKeyProtector : IDataProtector {
private readonly string[] _purpose =
{
typeof(OAuthAuthorizationServerMiddleware).Namespace,
"Access_Token",
"v1"
};
public byte[] Protect(byte[] userData)
{
throw new NotImplementedException();
}
public byte[] Unprotect(byte[] protectedData)
{
return System.Web.Security.MachineKey.Unprotect(protectedData, _purpose);
} }
| 归档时间: |
|
| 查看次数: |
15566 次 |
| 最近记录: |