我正在研究一些 MVC 6 和 ASP.NET 5 示例,但在查找有关使用不记名令牌保护 API 的任何有价值的文档时遇到问题。我能够使此类示例与 VS 2013、MVC 5 一起使用,但我无法将这些示例移植到 VS 2015 和 MVC 6。有谁知道在 MVC 6 中实现不记名令牌以保护 API 的任何好的示例?
问问题
1681 次
3 回答
2
为了使用不记名令牌对请求进行身份验证,您可以下载Microsoft.AspNet.Security.OAuthBearer包。然后,您可以OAuthBearerAuthenticationMiddleware使用UseOAuthBearerAuthentication扩展方法将中间件添加到管道中。
例子:
public void Configure(IApplicationBuilder app)
{
// ...
app.UseOAuthBearerAuthentication(options =>
{
options.Audience = "Redplace-With-Real-Audience-Info";
options.Authority = "Redplace-With-Real-Authority-Info";
});
}
另外,请查看WebApp-WebAPI-OpenIdConnect-AspNet5示例。
于 2015-04-19T18:23:38.560 回答
2
Asp.Net Core 中没有生成不记名令牌的中间件。您可以创建自己的解决方案或实施一些基于社区的方法,例如
于 2016-07-18T12:23:37.917 回答
0
我已经使用 MVC 6、OpenId 和 Aurelia 前端框架实现了一个带有基于令牌的身份验证实现的单页应用程序。在 Startup.cs 中,Configure 方法如下所示:
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseIISPlatformHandler();
// Add a new middleware validating access tokens.
app.UseJwtBearerAuthentication(options => {
// Automatic authentication must be enabled
// for SignalR to receive the access token.
options.AutomaticAuthenticate = true;
// Automatically disable the HTTPS requirement for development scenarios.
options.RequireHttpsMetadata = !env.IsDevelopment();
// Note: the audience must correspond to the address of the SignalR server.
options.Audience = clientUri;
// Note: the authority must match the address of the identity server.
options.Authority = serverUri;
});
// Add a new middleware issuing access tokens.
app.UseOpenIdConnectServer(options => {
options.Provider = new AuthenticationProvider();
});
app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear());
app.UseStaticFiles();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
身份验证提供程序的定义如下:
public class AuthenticationProvider : OpenIdConnectServerProvider
{
public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
{
if (context.ClientId == "AureliaNetAuthApp")
{
// Note: the context is marked as skipped instead of validated because the client
// is not trusted (JavaScript applications cannot keep their credentials secret).
context.Skipped();
}
else {
// If the client_id doesn't correspond to the
// intended identifier, reject the request.
context.Rejected();
}
return Task.FromResult(0);
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var user = new { Id = "users-123", Email = "alex@123.com", Password = "AureliaNetAuth" };
if (context.UserName != user.Email || context.Password != user.Password)
{
context.Rejected("Invalid username or password.");
return Task.FromResult(0);
}
var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "id_token token");
identity.AddClaim(ClaimTypes.Name, user.Email, "id_token token");
context.Validated(new ClaimsPrincipal(identity));
return Task.FromResult(0);
}
}
这定义了一个可以在 url 到达的令牌端点/connect/token。
因此,要从客户端请求令牌,这里是 javascript 代码,取自AuthServiceauthSvc.js:
login(username, password) {
var baseUrl = yourBaseUrl;
var data = "client_id=" + yourAppClientId
+ "&grant_type=password"
+ "&username=" + username
+ "&password=" + password
+ "&resource=" + encodeURIComponent(baseUrl);
return this.http.fetch(baseUrl + 'connect/token', {
method: 'post',
body : data
});
}
完整的源代码可以在这里看到:
https://github.com/alexandre-spieser/AureliaAspNetCoreAuth
希望这可以帮助,
最好的,
亚历克斯
于 2016-04-17T11:30:08.920 回答