I have successfully added OAuth to my WebAPI 2 project using OWIN. I receive tokens and can use them in the HTTP Header to access resources.
Now I want to use those tokens also on other channels for authentication that are not the standard HTTP requests that the OWIN template is made for. For example, I am using WebSockets where the client has to send the OAuth Bearer Token to authenticate.
On the server side, I receive the token through the WebSocket. But how can I now put this token into the OWIN pipeline to extract the IPrincipal and ClientIdentifier from it? In the WebApi 2 template, all this is abstracted for me, so there is nothing I have to do to make it work.
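So basically, I have the token as a string and want to use OWIN to access the user information encoded into the token.
Thanks in advance for your help.
Recommended answer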
I found a part of the solution in this blog post: http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/
So I created my own Provider as follows:
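using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    // Called by the bearer middleware for every request, before the token is validated.
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        // Read the token from the "access_token" query string parameter.
        var value = context.Request.Query.Get("access_token");
        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }
        return Task.FromResult<object>(null);
    }
}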
Then I needed to add it to my App in Startup.Auth.cs like this:
OAuthBearerOptions = new OAuthBearerAuthenticationOptions()
{
    Provider = new QueryStringOAuthBearerProvider(),
    AccessTokenProvider = new AuthenticationTokenProvider()
    {
        OnCreate = create,
        OnReceive = receive
    },
};
app.UseOAuthBearerAuthentication(OAuthBearerOptions);
With a custom AuthenticationTokenProvider, I can retrieve all other values from the token early in the pipeline:
public static Action<AuthenticationTokenCreateContext> create = new Action<AuthenticationTokenCreateContext>(c =>
{
    c.SetToken(c.SerializeTicket());
});
public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
{
    c.DeserializeTicket(c.Token);
    // Ticket stays null when the token cannot be deserialized; skip it instead of throwing.
    if (c.Ticket != null)
    {
        c.OwinContext.Environment["Properties"] = c.Ticket.Properties;
    }
});
And now, for example in my WebSocket Handler, I can retrieve ClientId and others like this:
IOwinContext owinContext = context.GetOwinContext();
if (owinContext.Environment.ContainsKey("Properties"))
{
    AuthenticationProperties properties = owinContext.Environment["Properties"] as AuthenticationProperties;
    string clientId = properties.Dictionary["clientId"];
    ...
}
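An added example, not part of the original answer: a stricter variant of the provider above. It accepts the `access_token` query parameter only on a WebSocket handshake over TLS and never lets it override an `Authorization` header, because tokens carried in URLs are commonly written to server and proxy logs. The class name `WebSocketQueryStringBearerProvider` and the `/ws` endpoint path are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;

// Added example: restricts where a query-string bearer token is accepted.
// "/ws" is an assumed WebSocket endpoint path; adjust it to your routing.
public class WebSocketQueryStringBearerProvider : OAuthBearerAuthenticationProvider
{
    private static readonly PathString WebSocketPath = new PathString("/ws");

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        // The middleware has already copied any "Authorization: Bearer" value
        // into context.Token; the query string must not override it.
        if (!string.IsNullOrEmpty(context.Token))
        {
            return Task.FromResult<object>(null);
        }

        IOwinRequest request = context.Request;

        // Accept a URL-borne token only on the WebSocket handshake, where
        // browser clients cannot attach an Authorization header.
        bool isWebSocketHandshake =
            request.Path.StartsWithSegments(WebSocketPath) &&
            string.Equals(request.Headers.Get("Upgrade"), "websocket",
                          StringComparison.OrdinalIgnoreCase);

        // Require TLS so the URL, and the token in it, is not sent in clear text.
        // Behind a TLS-terminating proxy IsSecure is false; check the
        // forwarded scheme your proxy sets instead.
        if (isWebSocketHandshake && request.IsSecure)
        {
            string value = request.Query.Get("access_token");
            if (!string.IsNullOrEmpty(value))
            {
                context.Token = value;
            }
        }

        return Task.FromResult<object>(null);
    }
}
```

Register it with `Provider = new WebSocketQueryStringBearerProvider()` in the same `OAuthBearerAuthenticationOptions` shown above, and keep query strings for the WebSocket path out of request logs.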