WebApi 增加身份驗證 (OAuth 2.0方式)
阿新 • • 發佈:2019-01-07
1,在Webapi專案下新增如下引用:
Microsoft.AspNet.WebApi.Owin
Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth
Microsoft.Owin.Security.Cookies
Microsoft.AspNet.Identity.Owin
Microsoft.Owin.Cors
2, 在專案下新建Startup類,這個類將作為owin的啟動入口,新增下面的程式碼
3,修改 Startup類中方法
| 1234567891011121314151617181920212223242526 | public classStartup{public void Configuration(IAppBuilder app){// 有關如何配置應用程式的詳細資訊,請訪問 http://go.microsoft.com/fwlink/?LinkID=316888ConfigAuth(app);HttpConfiguration config = new HttpConfiguration();WebApiConfig.Register(config);app.UseCors(CorsOptions.AllowAll);app.UseWebApi(config);}public void ConfigAuth(IAppBuilder app){OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions(){AllowInsecureHttp = true,TokenEndpointPath = new PathString("/token"), //獲取 access_token 授權服務請求地址AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), //access_token 過期時間Provider = new SimpleAuthorizationServerProvider(), //access_token 相關授權服務RefreshTokenProvider = new SimpleRefreshTokenProvider() //refresh_token 授權服務};app.UseOAuthAuthorizationServer(option);app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());}} |
4, OAuth身份認證,新建SimpleAuthorizationServerProvider類
| 123456789101112131415161718192021222324 | public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider{public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context){context.Validated();return Task.FromResult<object>(null);}public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context){context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });AccountService accService = new AccountService();string md5Pwd = LogHelper.MD5CryptoPasswd(context.Password);IList<object[]> ul = accService.Login(context.UserName, md5Pwd);if (ul.Count() == 0){context.SetError("invalid_grant", "The username or password is incorrect");return;}var identity = new ClaimsIdentity(context.Options.AuthenticationType);identity.AddClaim(new Claim("sub", context.UserName));identity.AddClaim(new Claim("role", "user"));context.Validated(identity);}} |
5, 新建SimpleRefreshTokenProvider類
| 12345678910111213141516171819202122232425262728 | public class SimpleRefreshTokenProvider : AuthenticationTokenProvider{private static ConcurrentDictionary<string, string> _refreshTokens = new ConcurrentDictionary<string, string>();/// <summary>/// 生成 refresh_token/// </summary>public override void Create(AuthenticationTokenCreateContext context){context.Ticket.Properties.IssuedUtc = DateTime.UtcNow;context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(60);context.SetToken(Guid.NewGuid().ToString("n"));_refreshTokens[context.Token] = context.SerializeTicket();}/// <summary>/// 由 refresh_token 解析成 access_token/// </summary>public override void Receive(AuthenticationTokenReceiveContext context){string value;if (_refreshTokens.TryRemove(context.Token, out value)){context.DeserializeTicket(value);}}} |
6, 在要加驗證的介面上加上[Authorize]標記
| 12345678910 | [Authorize]public class EmployeeController : ApiController{//查詢所有員工[HttpGet]public IList<UC_Employee> GetAllEmps(){return new List<UC_Employee>();}} |
7,呼叫api程式
8,傳入引數,獲取token
9,傳入access_token
