我正在处理一些MVC 6和ASP.NET 5示例,我在查找有关使用承载令牌来保护API的任何有价值的文档时遇到了问题。我能够使这些样本与VS 2013,MVC 5一起工作,但我无法将这些示例移植到VS 2015和MVC 6.有没有人知道在MVC 6中实现承载令牌的任何好样本以保护API? / p>
答案 0 :(得分:2)
为了使用承载令牌验证请求,您可以下拉Microsoft.AspNet.Security.OAuthBearer包。然后,您可以使用OAuthBearerAuthenticationMiddleware
扩展方法将UseOAuthBearerAuthentication
中间件添加到管道中。
示例:
public void Configure(IApplicationBuilder app)
{
// ...
app.UseOAuthBearerAuthentication(options =>
{
options.Audience = "Redplace-With-Real-Audience-Info";
options.Authority = "Redplace-With-Real-Authority-Info";
});
}
另外,请查看WebApp-WebAPI-OpenIdConnect-AspNet5示例。
答案 1 :(得分:2)
Asp.Net Core中没有生成承载令牌的中间件。您可以创建own solution或实施一些基于社区的方法,例如
答案 2 :(得分:0)
我使用MVC 6,OpenId和Aurelia前端框架实现了基于令牌的身份验证实现的单页面应用程序。 在Startup.cs中,Configure方法如下所示:
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseIISPlatformHandler();
// Add a new middleware validating access tokens.
app.UseJwtBearerAuthentication(options => {
// Automatic authentication must be enabled
// for SignalR to receive the access token.
options.AutomaticAuthenticate = true;
// Automatically disable the HTTPS requirement for development scenarios.
options.RequireHttpsMetadata = !env.IsDevelopment();
// Note: the audience must correspond to the address of the SignalR server.
options.Audience = clientUri;
// Note: the authority must match the address of the identity server.
options.Authority = serverUri;
});
// Add a new middleware issuing access tokens.
app.UseOpenIdConnectServer(options => {
options.Provider = new AuthenticationProvider();
});
app.UseIISPlatformHandler(options => options.AuthenticationDescriptions.Clear());
app.UseStaticFiles();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
身份验证提供程序的定义如下:
public class AuthenticationProvider : OpenIdConnectServerProvider
{
public override Task ValidateClientAuthentication(ValidateClientAuthenticationContext context)
{
if (context.ClientId == "AureliaNetAuthApp")
{
// Note: the context is marked as skipped instead of validated because the client
// is not trusted (JavaScript applications cannot keep their credentials secret).
context.Skipped();
}
else {
// If the client_id doesn't correspond to the
// intended identifier, reject the request.
context.Rejected();
}
return Task.FromResult(0);
}
public override Task GrantResourceOwnerCredentials(GrantResourceOwnerCredentialsContext context)
{
var user = new { Id = "users-123", Email = "alex@123.com", Password = "AureliaNetAuth" };
if (context.UserName != user.Email || context.Password != user.Password)
{
context.Rejected("Invalid username or password.");
return Task.FromResult(0);
}
var identity = new ClaimsIdentity(OpenIdConnectDefaults.AuthenticationScheme);
identity.AddClaim(ClaimTypes.NameIdentifier, user.Id, "id_token token");
identity.AddClaim(ClaimTypes.Name, user.Email, "id_token token");
context.Validated(new ClaimsPrincipal(identity));
return Task.FromResult(0);
}
}
这定义了一个令牌端点,可以通过URL /connect/token
到达。
所以要从客户端请求令牌,这里是javascript代码,取自authSvc.js中的AuthService
:
login(username, password) {
var baseUrl = yourBaseUrl;
var data = "client_id=" + yourAppClientId
+ "&grant_type=password"
+ "&username=" + username
+ "&password=" + password
+ "&resource=" + encodeURIComponent(baseUrl);
return this.http.fetch(baseUrl + 'connect/token', {
method: 'post',
body : data
});
}
这里可以看到完整的消息来源:
https://github.com/alexandre-spieser/AureliaAspNetCoreAuth
希望这有帮助,
最佳,
亚历