• ASP.NET MVC WEB API OAuth2Authorize


    using System;
    using System.Net;
    using System.Net.Http;
    using System.Security.Cryptography;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Principal;
    using System.ServiceModel.Channels;
    using System.Threading;
    using System.Web.Http;
    using System.Web.Http.Controllers;
    using System.Web.Http.Filters;
    using DotNetOpenAuth.OAuth2;
     
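    namespace ProjectName.Web.Controllers.ActionFilters
    {
        /// <summary>
        /// Authorization filter that validates the OAuth2 access token carried in the
        /// request's Authorization header, using DotNetOpenAuth's <see cref="ResourceServer"/>.
        /// </summary>
        /// <remarks>
        /// The filter fails closed: a request with no Authorization header, a token that
        /// does not verify, or a verification that yields no principal never reaches the action.
        /// </remarks>
        public class OAuth2Authorize : AuthorizationFilterAttribute
        {
            // Subject distinguished name of the certificate holding the token keys.
            // Sample value; replace with the subject of the certificate you deployed.
            private const string SigningCertificateSubject =
                "CN=*.yourdomain.com, OU=Domain Control Validated, O=*.yourdomain.com";

            /// <summary>
            /// Verifies the caller's access token and, on success, publishes the resulting
            /// principal on <see cref="Thread.CurrentPrincipal"/>.
            /// </summary>
            /// <param name="actionContext">The action context of the request being authorized.</param>
            /// <exception cref="InvalidOperationException">
            /// The configured certificate is missing from the store, or its private key
            /// is not available to this process.
            /// </exception>
            public override void OnAuthorization(HttpActionContext actionContext)
            {
                // An anonymous request has no Authorization header. Reject it up front:
                // dereferencing the null header would surface as a server error instead
                // of an authentication failure.
                var authorization = actionContext.Request.Headers.Authorization;
                if (authorization == null)
                {
                    actionContext.Response =
                        actionContext.ControllerContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                    return;
                }

                // NOTE(review): the certificate store is read on every request; consider
                // caching the certificate if this shows up in profiling.
                var cert = LoadSigningCertificate();

                var publicKey = (RSACryptoServiceProvider)cert.PublicKey.Key;
                var privateKey = (RSACryptoServiceProvider)cert.PrivateKey;
                if (privateKey == null)
                {
                    throw new InvalidOperationException(
                        "The token certificate has no private key accessible to this process.");
                }

                // NOTE(review): both keys come from the same certificate, so this host holds
                // the private half of the key pair whose public half checks token signatures.
                // If the authorization server is a separate host, load its public signing key
                // from its own certificate so a resource server cannot mint tokens.
                using (var signing = publicKey)
                using (var encrypting = privateKey)
                {
                    base.OnAuthorization(actionContext);

                    // TODO FIXME dnoa doesn't support HttpRequestMessage - manually creating
                    // HttpRequestMessageProperty until they do
                    var request = new HttpRequestMessageProperty();
                    request.Headers[HttpRequestHeader.Authorization] = authorization.ToString();
                    var requestUri = actionContext.Request.RequestUri;

                    var resourceServer = new ResourceServer(new StandardAccessTokenAnalyzer(signing, encrypting));
                    IPrincipal result;

                    // A non-null return value is the error response to send: verification failed.
                    var response = resourceServer.VerifyAccess(request, requestUri, out result);

                    // Also refuse when no principal came back, so the action never runs
                    // without an authenticated identity.
                    if (response != null || result == null)
                    {
                        // NOTE(review): RFC 6750 answers an invalid or expired token with 401 and a
                        // WWW-Authenticate challenge; 403 is kept here to match the existing contract.
                        actionContext.Response =
                            actionContext.ControllerContext.Request.CreateResponse(HttpStatusCode.Forbidden);
                        return;
                    }

                    // Publish the verified principal. Map it to an application-specific
                    // principal here (e.g. from result.Identity.Name) if one is needed.
                    // NOTE(review): when hosted in ASP.NET, HttpContext.Current.User usually has
                    // to be set as well so later pipeline stages see the same identity.
                    Thread.CurrentPrincipal = result;
                }
            }

            /// <summary>
            /// Finds the currently time-valid certificate with the configured subject in the
            /// local machine store.
            /// </summary>
            /// <returns>The first matching certificate.</returns>
            /// <exception cref="InvalidOperationException">No matching certificate was found.</exception>
            private static X509Certificate2 LoadSigningCertificate()
            {
                var store = new X509Store(StoreLocation.LocalMachine);
                try
                {
                    store.Open(OpenFlags.ReadOnly);

                    // validOnly: false also accepts certificates that do not pass chain
                    // validation (self-signed, untrusted root). Pass true when the certificate
                    // is expected to chain to a trusted root.
                    var currentCerts = store.Certificates.Find(X509FindType.FindByTimeValid, DateTime.Now, false);
                    var matches = currentCerts.Find(
                        X509FindType.FindBySubjectDistinguishedName, SigningCertificateSubject, false);

                    if (matches.Count == 0)
                    {
                        throw new InvalidOperationException(
                            "No time-valid certificate with the configured subject was found in the LocalMachine store.");
                    }

                    return matches[0];
                }
                finally
                {
                    // Close the store even when the lookup throws.
                    store.Close();
                }
            }
        }
    }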
  • 原文地址:https://www.cnblogs.com/fx2008/p/2819546.html