Using an existing ASP.NET Framework machine key in an ASP.NET Core application

Nic*_*sky 6 asp.net asp.net-core asp.net-core-2.0

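I've got several working ASP.NET applications built on Net.Framework that share the same machineKey in Web.config, so when a user authenticates in one application, the other applications consider him authenticated as well.

Now I have to build a new application for this club using ASP.NET Core 2.0. Is there a quick solution for converting the existing "legacy"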

<system.web>
...
<machineKey decryption="AES" decryptionKey="blablabla" validation="SHA1" validationKey="blablabla" />
</system.web>

so that it can be used in the Core application?

Edit: the actual Net.Framework API uses token-based authentication:

using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
private void ConfigureOAuth(IAppBuilder app)
{
    OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
    //Token consumption from header "Authentication Bearer"
    app.UseOAuthBearerAuthentication(OAuthBearerOptions);
}

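Then, on [Authorize], the framework uses the machine key to decode the token. I guess the right question is how to achieve the same decryption of the authentication token sent in the header in Core 2.0+, using a manually provided machine key.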

pic*_*ino 2

You can use the great library AspNetTicketBridge for this purpose.

Token handler definition:

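using System;
using System.Text.Encodings.Web;
using System.Threading.Tasks;
using AspNetTicketBridge;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

public class OwinBearerTokenMachineKeyAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public const string DefaultAuthScheme = "DefaultAuth";

    // List of supported decryption algorithms: DES | 3DES | AES
    private const string DefaultDecryptionAlgorithm = "<YOUR DECRYPTION ALGORITHM>";

    // List of supported validation algorithms: SHA1 | MD5 | 3DES | AES | HMACSHA256 | HMACSHA384 | HMACSHA512
    private const string DefaultValidationAlgorithm = "<YOUR VALIDATION ALGORITHM>";

    private const string DefaultAuthorizationHeader = "Authorization";
    private const string BearerPrefix = "Bearer ";

    public OwinBearerTokenMachineKeyAuthenticationHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder, ISystemClock clock) : base(options, logger, encoder, clock)
    {
    }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // Expect "Authorization: Bearer <token>"; without it this scheme has nothing to authenticate.
        string header = Request.Headers[DefaultAuthorizationHeader];
        if (string.IsNullOrEmpty(header) || !header.StartsWith(BearerPrefix, StringComparison.OrdinalIgnoreCase))
            return Task.FromResult(AuthenticateResult.NoResult());
        var token = header.Substring(BearerPrefix.Length).Trim();

        // Get keys from machine keys section / another configuration file.
        var validationKey = "<YOUR VALIDATION KEY FROM MACHINE KEY CONFIG>";
        var decryptionKey = "<YOUR DECRYPTION KEY FROM MACHINE KEY CONFIG>";

        try
        {
            var ticket = MachineKeyTicketUnprotector.UnprotectOAuthToken(token, decryptionKey, validationKey, DefaultDecryptionAlgorithm, DefaultValidationAlgorithm);
            var newTicket = AuthenticationTicketConverter.Convert(ticket, DefaultAuthScheme);

            // If the converted ticket carries an expiry, enforce it here: the OWIN bearer
            // middleware rejected expired tickets, and the base handler does not do it for us.
            if (newTicket.Properties.ExpiresUtc.HasValue && newTicket.Properties.ExpiresUtc.Value < Clock.UtcNow)
                return Task.FromResult(AuthenticateResult.Fail("Ticket expired"));

            return Task.FromResult(AuthenticateResult.Success(newTicket));
        }
        catch (Exception ex)
        {
            // A malformed, tampered or wrongly keyed token fails authentication instead of surfacing as a 500.
            return Task.FromResult(AuthenticateResult.Fail(ex));
        }
    }
}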

Application configuration:

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // ...

    app.UseAuthentication();
    app.UseAuthorization(); // Gives ability to use [Authorize] attribute

    // ...
}

public void ConfigureServices(IServiceCollection services)
{
    // ...

    RegisterAuthorization(services);

    // ...
}

private void RegisterAuthorization(IServiceCollection services)
{
    services.AddAuthentication(o => { o.DefaultScheme = OwinBearerTokenMachineKeyAuthenticationHandler.DefaultAuthScheme; })
            .AddScheme<AuthenticationSchemeOptions, OwinBearerTokenMachineKeyAuthenticationHandler>(OwinBearerTokenMachineKeyAuthenticationHandler.DefaultAuthScheme, o => { });
    services.AddAuthorization(); // Gives ability to use [Authorize] attribute
}

P.S. I spent two days looking for a good solution to this task, and this one seems to be the best.
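
The handler above leaves "get keys from machine keys section / another configuration file" as a comment. The following is an added example, not code from the answer or from AspNetTicketBridge, of loading the legacy machineKey values from configuration and failing fast at startup when they are missing or malformed. The `LegacyMachineKeySettings` type and the `LegacyMachineKey` section name are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using Microsoft.Extensions.Configuration;

// Hypothetical settings type (not part of AspNetTicketBridge): carries the legacy
// <machineKey> values so they are not hard-coded in the authentication handler.
public sealed class LegacyMachineKeySettings
{
    public string DecryptionAlgorithm { get; private set; }
    public string DecryptionKey { get; private set; }
    public string ValidationAlgorithm { get; private set; }
    public string ValidationKey { get; private set; }

    // Reads the assumed "LegacyMachineKey" section. With the environment-variable
    // provider the keys can be supplied as LegacyMachineKey__DecryptionKey etc.,
    // which keeps them out of source control.
    public static LegacyMachineKeySettings Load(IConfiguration configuration)
    {
        var section = configuration.GetSection("LegacyMachineKey");
        return new LegacyMachineKeySettings
        {
            DecryptionAlgorithm = Required(section, "DecryptionAlgorithm"),
            DecryptionKey = RequiredHex(section, "DecryptionKey"),
            ValidationAlgorithm = Required(section, "ValidationAlgorithm"),
            ValidationKey = RequiredHex(section, "ValidationKey"),
        };
    }

    private static string Required(IConfiguration section, string name)
    {
        var value = section[name];
        if (string.IsNullOrWhiteSpace(value))
            throw new InvalidOperationException($"LegacyMachineKey:{name} is not configured.");
        return value.Trim();
    }

    private static string RequiredHex(IConfiguration section, string name)
    {
        var value = Required(section, name);
        // machineKey keys are explicit hex strings; a value such as "AutoGenerate"
        // cannot be shared between applications. The key itself is never logged.
        if (value.Length % 2 != 0 || !value.All(Uri.IsHexDigit))
            throw new InvalidOperationException($"LegacyMachineKey:{name} must be an explicit hex string.");
        return value;
    }
}
```

Register it once with `services.AddSingleton(LegacyMachineKeySettings.Load(Configuration));` and take it as an extra constructor parameter in the handler, which is resolved from the service container.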