1

In MVC 6 RCP 6, using Microsoft.AspNet.Security, I was able to use a custom SecurityTokenValidator.

In RC, Beta4, Microsoft.AspNet.Security does not exist, so I changed my code to use Microsoft.AspNet.Authentication as follows (it compiles and runs, but the SecurityTokenValidator never fires):

services.Configure<ExternalAuthenticationOptions>(options =>
{
    options.SignInScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
});

app.UseOAuthBearerAuthentication(options =>
{           
    options.TokenValidationParameters.ValidateAudience = true;
    options.TokenValidationParameters.ValidateIssuer = true;
    options.TokenValidationParameters.RequireSignedTokens = false;
    options.AuthenticationScheme = OAuthBearerAuthenticationDefaults.AuthenticationScheme;
    options.AutomaticAuthentication = true;
    options.SecurityTokenValidators = new List<ISecurityTokenValidator> { validator };
});

2 Answers

0

Replace the app.UseOAuthBearerAuthentication code with

app.UseMiddleware<OAuthBearerAuthenticationMiddleware>(new ConfigureOptions<OAuthBearerAuthenticationOptions>(options =>
{
    options.AutomaticAuthentication = true;
    options.SecurityTokenValidators = new List<ISecurityTokenValidator> { validator };
}));

Answered 2015-05-12T17:30:58.840
0

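Did you get it right?

Today it happened that CustomSecurityValidationToken did not fire because an internal exception was thrown (in my case, internal validation happens based on params). Try debugging the notifications: if it fires "AuthenticationFailed", you will find a property named "Exception" in the "context" variable (if there is one).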

        app.UseOAuthBearerAuthentication(bearer =>
        {
            bearer.SecurityTokenValidators = new List<ISecurityTokenValidator>() { new CustomSecurityValidationToken() };
            bearer.AutomaticAuthentication = true;
            bearer.Notifications = new OAuthBearerAuthenticationNotifications()
            {
                SecurityTokenReceived = context =>
                {
                    return Task.FromResult(0);
                },
                MessageReceived = context =>
                {
                    return Task.FromResult(0);
                },
                SecurityTokenValidated = context =>
                {
                    return Task.FromResult(0);
                },
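                AuthenticationFailed = context =>
                {
                    // context.Exception holds the error thrown during token validation.
                    // Escape the message so spaces, '&' or '#' in it cannot break the query string.
                    context.Response.Redirect("Home/Error?message=" + Uri.EscapeDataString(context.Exception.Message));
                    return Task.FromResult(0);
                }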
            };
        });

Answered 2015-05-14T12:57:54.470
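
To tell whether the custom validator is never called or is called and throws (the case the answer above describes), it can be wrapped in a logging decorator. This is an added example, not code from either answer: the class name TracingTokenValidator is hypothetical, and the System.IdentityModel.Tokens namespace and the middleware checking CanReadToken before calling ValidateToken are assumptions about the beta4 packages.

```csharp
using System;
using System.Diagnostics;
using System.IdentityModel.Tokens;   // assumed namespace of ISecurityTokenValidator
using System.Security.Claims;

// Hypothetical decorator: wraps any ISecurityTokenValidator and records each call,
// so "never called", "skipped by CanReadToken" and "threw" can be told apart.
public sealed class TracingTokenValidator : ISecurityTokenValidator
{
    private readonly ISecurityTokenValidator _inner;

    public TracingTokenValidator(ISecurityTokenValidator inner)
    {
        if (inner == null) throw new ArgumentNullException(nameof(inner));
        _inner = inner;
    }

    public bool CanValidateToken => _inner.CanValidateToken;

    public int MaximumTokenSizeInBytes
    {
        get { return _inner.MaximumTokenSizeInBytes; }
        set { _inner.MaximumTokenSizeInBytes = value; }
    }

    public bool CanReadToken(string securityToken)
    {
        bool canRead = _inner.CanReadToken(securityToken);
        // Log only the length: a bearer token is a credential and must not reach logs.
        Debug.WriteLine("CanReadToken -> " + canRead + " (token length " + (securityToken?.Length ?? 0) + ")");
        return canRead;
    }

    public ClaimsPrincipal ValidateToken(string securityToken,
        TokenValidationParameters validationParameters, out SecurityToken validatedToken)
    {
        try
        {
            var principal = _inner.ValidateToken(securityToken, validationParameters, out validatedToken);
            Debug.WriteLine("ValidateToken succeeded");
            return principal;
        }
        catch (Exception ex)
        {
            // Record the failure, then rethrow so it still reaches AuthenticationFailed.
            Debug.WriteLine("ValidateToken threw " + ex.GetType().Name + ": " + ex.Message);
            throw;
        }
    }
}
```

Register it as `new TracingTokenValidator(validator)` in the SecurityTokenValidators list. No output at all means the middleware never reached the validator; a `CanReadToken -> False` line means the token was rejected before ValidateToken ran.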