• WebApi使用OAuth2认证


    本篇文章实现了 OAuth2 四种授权模式中的客户端模式和密码模式，未实现 token 持久化。

    本文不介绍 OAuth2 的相关概念，只给出实现步骤；OAuth2 的基础知识请自行查阅，这里不做过多阐述。

    • 一、引用OAuth2所需的dll,使用nuget下载以下依赖项

           Microsoft.AspNet.WebApi.Owin
           Microsoft.Owin.Host.SystemWeb
           Microsoft.Owin.Security.OAuth
           Microsoft.AspNet.Identity.Owin

    • 二、重载OAuth2相应的验证方法
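     /// <summary>
     /// OAuth2 authorization-server provider implementing the client-credentials
     /// and resource-owner-password grants against a fixed set of demo credentials.
     /// </summary>
     /// <remarks>
     /// The client registry and the user credentials below are the article's demo
     /// values and are placeholders only; a real deployment loads them from a
     /// credential store that holds hashed secrets. No token persistence is done here.
     /// </remarks>
     public class OAuthServerProvider : OAuthAuthorizationServerProvider
     {
         // Demo client registry: client id -> client secret (placeholder values from the article).
         private static readonly Dictionary<string, string> RegisteredClients =
             new Dictionary<string, string>(StringComparer.Ordinal)
             {
                 { "admin", "123" }
             };

         // Demo resource owner (placeholder values from the article).
         private const string DemoUserName = "admin";
         private const string DemoPassword = "123456";

         /// <summary>
         /// Authenticates the client calling the token endpoint.
         /// </summary>
         /// <remarks>
         /// Credentials are read from the HTTP Basic header first, then from the
         /// form body. A request that presents no client credentials at all is
         /// treated as a public client and validated with a null client id (the
         /// sample's original behaviour). A request that does present a client id
         /// is only validated when the id is registered and the secret matches;
         /// otherwise it fails with <c>invalid_client</c>. Without this check the
         /// password grant accepted any client id with any secret.
         /// </remarks>
         /// <param name="context">The client-authentication context for the current token request.</param>
         /// <returns>The completed base task.</returns>
         public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
         {
             string clientId;
             string clientSecret;

             // Basic auth takes precedence over form-encoded client_id / client_secret.
             if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
             {
                 context.TryGetFormCredentials(out clientId, out clientSecret);
             }

             // Make the credentials available to the grant handlers for this request only.
             context.OwinContext.Set<string>("clientId", clientId);
             context.OwinContext.Set<string>("clientSecret", clientSecret);

             if (clientId != null && !IsRegisteredClient(clientId, clientSecret))
             {
                 // RFC 6749 §5.2: a failed client authentication is reported as invalid_client.
                 context.SetError("invalid_client", "The client id or client secret is incorrect.");
                 return base.ValidateClientAuthentication(context);
             }

             // Either a registered client with a matching secret, or a public client
             // that presented no credentials (clientId is null).
             context.Validated(clientId);
             return base.ValidateClientAuthentication(context);
         }

         /// <summary>
         /// Client-credentials grant: issues a token to a registered client.
         /// </summary>
         /// <remarks>
         /// Re-checks the secret stored by <see cref="ValidateClientAuthentication"/>;
         /// a request that arrived as a public client (null client id) fails here.
         /// </remarks>
         /// <param name="context">The grant context carrying the authenticated client id.</param>
         /// <returns>The completed base task.</returns>
         public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
         {
             var clientSecret = context.OwinContext.Get<string>("clientSecret");
             if (IsRegisteredClient(context.ClientId, clientSecret))
             {
                 var identity = new ClaimsIdentity(context.Options.AuthenticationType);
                 identity.AddClaim(new Claim(ClaimTypes.Name, "Clear App"));
                 var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
                 context.Validated(ticket);
             }
             else
             {
                 // Error text names the credential that was actually checked (client, not user).
                 context.SetError("invalid_grant", "The client id or client secret is incorrect.");
             }
             return base.GrantClientCredentials(context);
         }

         /// <summary>
         /// Resource-owner-password grant: issues a token when the user name and
         /// password match the demo resource owner.
         /// </summary>
         /// <param name="context">The grant context carrying the submitted user name and password.</param>
         /// <returns>The completed base task.</returns>
         public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
         {
             if (string.Equals(context.UserName, DemoUserName, StringComparison.Ordinal)
                 && FixedTimeEquals(DemoPassword, context.Password))
             {
                 var identity = new ClaimsIdentity(context.Options.AuthenticationType);
                 identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
                 var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
                 // Replaces the ticket on the context and marks the request as validated.
                 context.Validated(ticket);
             }
             else
             {
                 context.SetError("invalid_grant", "The username or password is incorrect.");
             }
             return base.GrantResourceOwnerCredentials(context);
         }

         /// <summary>
         /// Returns true when <paramref name="clientId"/> is a registered client and
         /// <paramref name="clientSecret"/> matches its secret.
         /// </summary>
         private static bool IsRegisteredClient(string clientId, string clientSecret)
         {
             string expectedSecret;
             if (clientId == null || !RegisteredClients.TryGetValue(clientId, out expectedSecret))
             {
                 return false;
             }
             return FixedTimeEquals(expectedSecret, clientSecret);
         }

         /// <summary>
         /// Compares two strings without stopping at the first differing character,
         /// so the time taken does not reveal how much of a wrong secret was correct.
         /// Null on either side never matches.
         /// </summary>
         private static bool FixedTimeEquals(string expected, string actual)
         {
             if (expected == null || actual == null)
             {
                 return false;
             }
             // Always walk the whole expected string; fold any length mismatch into the result.
             int diff = expected.Length ^ actual.Length;
             for (int i = 0; i < expected.Length; i++)
             {
                 diff |= expected[i] ^ (i < actual.Length ? actual[i] : 0);
             }
             return diff == 0;
         }
     }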
    重写OAuth验证方法
    • 三、添加Startup类
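     /// <summary>
     /// OWIN startup: registers the OAuth2 token endpoint and bearer-token authentication.
     /// </summary>
     public class Startup
     {
         /// <summary>
         /// Configures the OAuth2 authorization server and the bearer-token middleware.
         /// </summary>
         /// <param name="app">The OWIN application pipeline to configure.</param>
         public void Configuration(IAppBuilder app)
         {
#if DEBUG
             // Local development only: lets the token endpoint answer plain-HTTP requests.
             const bool allowInsecureHttp = true;
#else
             // Release builds: credentials and tokens are only ever exchanged over TLS.
             const bool allowInsecureHttp = false;
#endif
             var options = new OAuthAuthorizationServerOptions()
             {
                 // Path where clients request tokens.
                 TokenEndpointPath = new PathString("/oauth2/token"),
                 // Grant validation (the provider from section 2).
                 Provider = new OAuthServerProvider(),
                 // Lifetime of each issued access token. Tokens are not persisted, so there is
                 // no revocation before expiry; 15 days is the article's value - shorten for production.
                 AccessTokenExpireTimeSpan = TimeSpan.FromDays(15),
                 AllowInsecureHttp = allowInsecureHttp
             };
             app.UseOAuthBearerTokens(options);
         }
     }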
    Startup配置OAuth2服务
    • 四、验证OAuth请求

     密码模式

    客户端模式

  • 原文地址:https://www.cnblogs.com/htsboke/p/9272340.html