Question

我使用OAuth2和服务器，wininet作为http客户端。我看不出如何设置wininet来使用持票人令牌（只是看看如何设置基本身份验证的用户名和密码）。是否有可能告诉wininet使用不记名令牌？（类似于INTERNET_OPTION_USERNAME ......）

Answer 1

这是从谷歌获取访问令牌的相同代码。注意public class MoviesController : Controller { private MovieDBContext db = new MovieDBContext(); /* Bunch of Other GET Actions */ // POST: Movies/Delete/5 [HttpPost, ActionName("Delete")] [ValidateAntiForgeryToken] public ActionResult DeleteConfirmed(int id) { Movie movie = db.Movies.Find(id); db.Movies.Remove(movie); db.SaveChanges(); return RedirectToAction("Index"); } /* Bunch of Other GET Actions */ }使用InternetOpenA作为用户名和密码。如果成功，它将读取包含访问令牌的NULL中的JSON文件，此访问令牌将用于后续的GET / POST请求。

str

Answer 2

将“Authorization: Bearer”+ 令牌传递给 HttpAddRequestHeaders()。就我而言，我必须从 win32 C++ MFC (WinInet) 客户端访问 IdentityServer API。确保使用服务器域而不是 IP 地址设置 InternetConnect() 并且令牌具有正确的范围。

HINTERNET hSession, hConnect, hRequest;
hSession = InternetOpen( NULL, INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0 );
if( hSession )
{
    CString strServerDomain = GetServerDomainName();
    hConnect = InternetConnect( hSession, strServerDomain, INTERNET_DEFAULT_HTTPS_PORT, 
    NULL, NULL,INTERNET_SERVICE_HTTP, 0, 0 );
    if( hConnect )
    {
        hRequest = HttpOpenRequest( hConnect, "GET", strParams, NULL, NULL, 0, 
        INTERNET_FLAG_DONT_CACHE | INTERNET_FLAG_SECURE, 0 );   // strParams = "projectName/controller/Action/"
        if( hRequest )
        {
            CString strToken = "Your Token Goes Here";  // Token
            CString strHeader = "";
            strHeader.Format( "Authorization: Bearer %s", strToken );

            BOOL bHeaderAdded = HttpAddRequestHeaders( hRequest, strHeader, strHeader.GetLength(), 0 );
            ASSERT( bHeaderAdded );

            BOOL hHttpRequest = HttpSendRequest( hRequest, NULL, 0, NULL, 0 );

如何设置WinInet使用承载令牌

2 个答案: