Mar*_*ouk 6 asp.net-mvc oauth-2.0 asp.net-web-api asp.net-identity-2
我有Asp.Net MVC项目有用户(我使用Asp.Net Identity 2),我有另一个Asp.Net WebApi服务.
我想保证对WebApi进行身份验证,只允许Asp.Net MVC用户访问端点,我不想将IdentityServer3用于此目的.
Asp.Net MVC Startup.Auth.cs:
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
}
我想我应该使用bearar令牌和JWT令牌,我可以在WebApi方面使用Thinketure身份模型,但我搜索找到一个明确的方式来描述如何做但我没有找到?
例如,我认为有许多选项,如SAML,JWT或OAuth 2授权代码流,但实施步骤是什么?
| 归档时间: |
|
| 查看次数: |
414 次 |
| 最近记录: |