• Authorize by ClaimIdentity by Owin


    Authorize by ClaimIdentity by Owin

    1. Package needed
    • Owin
    • Microsoft.Owin.Security.OAuth
    • Microsoft.Owin.Security.Cookies
    • Microsoft.Owin
    • Microsoft.AspNet.WebApi.Owin
    1. Startup.cs definition
    [assembly:OwinStartup(typeof(GoldWebApi.App_Start.Startup))]
    namespace GoldWebApi.App_Start
    {
        public class Startup
        {
            public void Configuration(IAppBuilder app)
            {
            }
        }
    }
    
    1. By using Cookie
    • Add these function call in startup.cs
    app.UseCookieAuthentication(new CookieAuthenticationOptions
                {
                    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                    CookieHttpOnly = false,
                    CookieName = "Auth",
                    ExpireTimeSpan = TimeSpan.FromMinutes(1)
                });
    
    • Define this action webapi
     [HttpGet]
            public string Login(string userName,string passWord)
            {
                string realPassword = string.Empty;
                if(AccountDic.TryGetValue(userName,out realPassword))
                {
                    if (passWord == realPassword)
                    {
                        this.SignIn(HttpContext.Current.GetOwinContext().Authentication, this.CreateClaimIdentity(userName));
                        return "Authenticated";
                    }
                }
                return "Deny";
            }
    
             private void SignIn(IAuthenticationManager authenticationManger, ClaimsIdentity identity)
            {
                authenticationManger.SignIn(new AuthenticationProperties()
                {
                    ExpiresUtc = DateTime.UtcNow.AddMinutes(1),
                    IsPersistent = true
                }, identity);
            }
    
            private ClaimsIdentity CreateClaimIdentity(string userName)
            {
                return new ClaimsIdentity(new List<Claim>() { new Claim(ClaimTypes.Name, userName) }, DefaultAuthenticationTypes.ApplicationCookie);
            }
    

    4.By Token

    • Add these call in startup.cs
      app.UseOAuthBearerAuthentication(GoldWebApi.Controllers.AccountController.OAuthBearerOptions);
    • Add these definition in webapi
    [HttpGet]
            public string LoginByTicket(string userName,string passWord)
            {
                string realPassword = string.Empty;
                if (AccountDic.TryGetValue(userName, out realPassword))
                {
                    if (passWord == realPassword)
                    {
                        return this.GenerateTicket(this.CreateClaimIdentity(userName));
                    }
                }
                return "Deny";
            }
    
            private string GenerateTicket(ClaimsIdentity identity)
            {
                var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
                ticket.Properties.IssuedUtc = DateTime.Now;
                ticket.Properties.ExpiresUtc = DateTime.Now.AddMinutes(1);
    
                return OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
            }
    
    1. By Basic Authentication
    • package install: Thinktecture.IdentityModel.Owin.BasicAuthentication
    • Add these in startup.cs
    app.UseBasicAuthentication("localhost", ValidateUserCredential);
    
    public Task<IEnumerable<Claim>> ValidateUserCredential(string userName, string passWord)
            {
                return Task.FromResult<IEnumerable<Claim>>(new List<Claim>() { new Claim(ClaimTypes.Name, userName) });
            }
    

    Summary
    For all those Authentication mode, we can use Authorize Attribute in our webapi controller/action to apply the Authentication/Authorization. Owin will take the infrustructure job for us.

  • 相关阅读:
    Smali基本语法
    图片智能缩小
    How to install ia32-libs in Ubuntu 14.04 LTS (Trusty Tahr)
    [操作系统][Ubuntu 14.04] 安装Flash 安装QQ2013
    eclipse在Ubuntu 13.04下的安装过程及问题小记
    Android系统手机端抓包方法
    Android 开源框架ActionBarSherlock 和 ViewPager 仿网易新闻客户端
    试用Android Annotations
    Android Annotations 介绍
    盘点国内Android移动广告平台的现状
  • 原文地址:https://www.cnblogs.com/kongshu-612/p/9436465.html
Copyright © 2020-2023  润新知