
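I am new to single sign-on authentication.

I have an MVC4-based website that handles JWT token authentication. Alongside it, we have to implement a Silverlight 5 application.

How can I read that JWT token in the Silverlight application, and how do I authenticate the user in Silverlight? If the user clicks log out from either the Silverlight application or the web application, the user must be logged out of both applications.

If you could provide an example, that would be a great help.

Thanks in advance.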

1 Answer

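Did you successfully implement JWT in your Silverlight application?

Update

In my Silverlight client code, I add the JWT token to the HTTP Authorization header for every request. To add the header, I created a behavior (AttachRequestInformationEndpointBehavior) that is responsible for it. The following code adds the behavior to the ExampleDomainContext: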

    Imports System.Reflection
    Imports System.ServiceModel

    Partial Class ExampleDomainContext

      Private Sub OnCreated()
        ' The DomainClient exposes its WCF channel factory only through reflection
        Dim channelFactoryProperty As PropertyInfo = Me.DomainClient.GetType().GetProperty("ChannelFactory")

        If (channelFactoryProperty IsNot Nothing) Then
            Dim factory = TryCast(channelFactoryProperty.GetValue(Me.DomainClient, Nothing), ChannelFactory)

            If factory IsNot Nothing Then
                ' Attach the behavior once, so every request goes through the message inspector
                If Not factory.Endpoint.Behaviors.Contains(GetType(Infrastructure.WebServices.AttachRequestInformationEndpointBehavior)) Then
                    factory.Endpoint.Behaviors.Add(New Wintouch.Infrastructure.WebServices.AttachRequestInformationEndpointBehavior())
                End If
            End If
        End If
      End Sub

    End Class

The code for the behavior follows:

    Imports System.ServiceModel
    Imports System.ServiceModel.Channels
    Imports System.ServiceModel.Description
    Imports System.ServiceModel.Dispatcher

    Public Class AttachRequestInformationEndpointBehavior
        Implements IEndpointBehavior, IClientMessageInspector

        Public Sub AddBindingParameters(endpoint As ServiceEndpoint, bindingParameters As BindingParameterCollection) Implements IEndpointBehavior.AddBindingParameters
        End Sub

        ' Register this object as a message inspector on the client runtime
        Public Sub ApplyClientBehavior(endpoint As ServiceEndpoint, clientRuntime As System.ServiceModel.Dispatcher.ClientRuntime) Implements IEndpointBehavior.ApplyClientBehavior
            clientRuntime.MessageInspectors.Add(Me)
        End Sub

        Public Sub ApplyDispatchBehavior(endpoint As ServiceEndpoint, endpointDispatcher As System.ServiceModel.Dispatcher.EndpointDispatcher) Implements IEndpointBehavior.ApplyDispatchBehavior
        End Sub

        Public Sub Validate(endpoint As ServiceEndpoint) Implements IEndpointBehavior.Validate
        End Sub

        Public Sub AfterReceiveReply(ByRef reply As Message, correlationState As Object) Implements IClientMessageInspector.AfterReceiveReply
        End Sub

        ' Runs before each request is sent: adds the Authorization header
        Public Function BeforeSendRequest(ByRef request As Message, channel As IClientChannel) As Object Implements IClientMessageInspector.BeforeSendRequest
            Dim header As HttpRequestMessageProperty

            ' Reuse the HTTP request property if the message already has one
            If request.Properties.ContainsKey(HttpRequestMessageProperty.Name) Then
                header = CType(request.Properties(HttpRequestMessageProperty.Name), HttpRequestMessageProperty)
            Else
                header = New HttpRequestMessageProperty()
                request.Properties.Add(HttpRequestMessageProperty.Name, header)
            End If

            header.Headers("Authorization") = "Bearer " + "the user token here..."

            Return Nothing
        End Function

    End Class

On the server side, I simply populate HttpContext.Current.User and Thread.CurrentPrincipal with the information extracted from the token. For example:

In the Global.asax file:

    protected void Application_AcquireRequestState(Object sender, EventArgs e)
    {
        // code to read the token (TokenHandler is a helper class not shown here)
        var tokenHandler = new TokenHandler();

        // get the token from the http request header
        var authHeaders = Request.Headers.GetValues("Authorization");

        if (authHeaders == null || authHeaders.Length < 1) return;

        // expect "<scheme> <token>"; a header without a token part is ignored
        var authHeader = authHeaders[0].Split(' ');
        if (authHeader.Length < 2) return;

        var scheme = authHeader[0];
        var tokenString = authHeader[1];

        if (scheme != "Bearer") return;

        // retrieves the principal from the token
        IPrincipal principal = tokenHandler.ReadPrincipal(tokenString);

        // set the relevant variables
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;
    }
answered 2014-09-30T10:26:35.187
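
The answer's `TokenHandler.ReadPrincipal` is not shown, and it is the step that decides whether a request is trusted. One way that step could validate the token before a principal is assigned, as an added example that is not the answerer's code: it assumes the `System.IdentityModel.Tokens.Jwt` NuGet package, an HS256-signed token, and a hypothetical class name `BearerTokenValidator`; the signing key, issuer and audience are supplied by the caller.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;

// Hypothetical helper (not from the original answer).
public sealed class BearerTokenValidator
{
    private readonly JwtSecurityTokenHandler _handler = new JwtSecurityTokenHandler();
    private readonly TokenValidationParameters _parameters;

    // signingKey, issuer and audience are deployment values (assumptions here);
    // load the key from protected configuration, never from source code.
    public BearerTokenValidator(byte[] signingKey, string issuer, string audience)
    {
        _parameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(signingKey),
            // Pin the algorithm so a token cannot choose its own ("none", RS/HS swap).
            ValidAlgorithms = new[] { SecurityAlgorithms.HmacSha256 },
            ValidateIssuer = true,
            ValidIssuer = issuer,
            ValidateAudience = true,
            ValidAudience = audience,
            ValidateLifetime = true,       // rejects expired or not-yet-valid tokens
            RequireExpirationTime = true,  // rejects tokens without an exp claim
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    }

    // Returns a principal only for a header of the form "Bearer <token>" whose
    // token passes every check above; returns null in all other cases.
    public ClaimsPrincipal TryReadPrincipal(string authorizationHeader)
    {
        if (string.IsNullOrWhiteSpace(authorizationHeader)) return null;

        var parts = authorizationHeader.Split(' ');
        if (parts.Length != 2) return null;
        if (!string.Equals(parts[0], "Bearer", StringComparison.OrdinalIgnoreCase)) return null;

        try
        {
            SecurityToken validatedToken;
            return _handler.ValidateToken(parts[1], _parameters, out validatedToken);
        }
        catch (SecurityTokenException) { return null; } // bad signature, expired, wrong issuer/audience
        catch (ArgumentException) { return null; }      // malformed or empty token string
    }
}
```

A handler such as the one in Global.asax would assign `Thread.CurrentPrincipal` and `HttpContext.Current.User` only when this returns a non-null principal.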