具有TokenEndpoint的基本身份验证的ASP.NET Core OAuth

时间:2019-05-20 20:15:33

标签: c# asp.net-core oauth-2.0

我正在尝试将ASP.Net Core 2.2与OAuth身份验证一起使用。要使用OAuth,请在Startup.cs的AddOAuth中使用public void ConfigureServices(IServiceCollection services)方法:

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = "Provider";
})            
.AddCookie()
.AddOAuth("Provider", options =>
{
    options.ClientId = Configuration["Provider:ClientId"];
    options.ClientSecret = Configuration["Provider:ClientSecret"];
    options.CallbackPath = new PathString("/callback");

    options.AuthorizationEndpoint = "https://api.provider.net/auth/code";
    options.TokenEndpoint = "https://api.provider.net/auth/token";
});

问题是,当中间件尝试使用TokenEndpoint获取授权代码时,我收到HTTP 401,因为提供程序希望此端点具有基本身份验证标头。

我的问题是,如何告诉中间件向TokenEndpoint请求添加基本的auth标头?

1 个答案:

答案 0 :(得分:0)

@Kirk Larkin感谢您发布链接,这帮助我大量提出了解决方案!

我创建了一个DelegateHandler,如果将请求发送到TokenEndpoint,则会添加一个基本的身份验证标头:

public class AuthorizingHandler : DelegatingHandler
{
    private readonly OAuthOptions _options;
    public AuthorizingHandler(HttpMessageHandler inner, OAuthOptions options)
        : base(inner)
    {
        _options = options;
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if(request.RequestUri == new Uri(_options.TokenEndpoint))
        {
            string credentials = Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes(_options.ClientId + ":" + _options.ClientSecret));

            request.Headers.Add("Authorization", $"Basic {credentials}");
        }
        return base.SendAsync(request, cancellationToken);
    }
}

DelegateHandlerConfigureService方法中使用:

public void ConfigureServices(IServiceCollection services)
{
    // ...

    services.AddAuthentication(options =>
    {
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "Provider";
    })            
    .AddCookie()
    .AddOAuth("Provider", options =>
    {
        options.ClientId = Configuration["Provider:ClientId"];
        options.ClientSecret = Configuration["Provider:ClientSecret"];
        options.CallbackPath = new PathString("/callback");

        options.AuthorizationEndpoint = "https://api.provider.net/auth/code";
        options.TokenEndpoint = "https://api.provider.net/auth/token";

        var innerHandler = new HttpClientHandler();
        options.BackchannelHttpHandler = new AuthorizingHandler(innerHandler, options);

        //...
    });

    // ...
}
相关问题
最新问题