7

我正在寻找任何文章或论坛主题,在那里我可以找到如何进行 oauth 2.0 身份验证的信息。特别是我有 MVC 3 应用程序和 WCF Restfull API。而且我必须使用 oauth 2.0 协议身份验证从 Web 应用程序调用 API 方法。但我找不到任何关于它的信息。谷歌搜索后,我只看到如何为 facebook、linkedin、google 等开发客户的结果。任何帮助都会有所帮助。谢谢你。

4

1 回答 1

2

You could have a look at DotNetOpenAuth. It has a client library which you can easily install from NuGet here. Using DotNetOpenAuth all the OAuth plumbing is handled behind the scenes.

DotNetOpenAuth:

When you install the NuGet Package: https://www.nuget.org/packages/DotNetOpenAuth.Ultimate/4.3.3.13295

You can setup an OAuth client like this:

var authorizationServerDescription = new AuthorizationServerDescription
{
    ProtocolVersion = ProtocolVersion.V20,
    TokenEndpoint = new Uri("https://yourUrl/token"),
    AuthorizationEndpoint = new Uri("https://yourUrl/authorize")
};

var client = new WebServerClient(authorizationServerDescription, "ClientIdentifier", "ClientSecret");

Then you can request a IAuthorizationState like this:

// Resource Owner Password Flow
client.ExchangeUserCredentialForToken("userName", "password");

// Client Credential Flow
client.GetClientAccessToken();

The IAuthorizationState contains the AccessToken you can use to Authorize against your Api. If a RefreshToken is provided you can also refresh your authorization using:

client.RefreshAuthorization(AuthorizationState);

ThinkTecture:

Alternatively you could use Thinktecture.IdentityModel. If you chose to use Thinktectures IdentityModel be sure to check out this post: Introducing OAuth2 Code Flow and Refresh Token Support in Thinktecture IdentityServer. Which not only explains how to set up an OAuth Token Server using Thinktecture, but how to use the client as well including a code sample. Ofcourse you can use this client to validate against another OAuth 2.0 server as long as the parameters are implemented according to the OAuth specifications.

OAuth 2.0 Playground If you want to have a better look at the OAuth 2.0 flow, be sure to check out Google's OAuth 2.0 Playground. I think that a lot of people don't know that it is possible to test your own server with it. Just push the 'settings' icon in the top right and set:

OAuth endpoints: Custom

And you're good to go.

于 2013-11-05T20:22:24.100 回答