使用自定义用户数据库的Web API令牌认证 [英] Web API token authentication with a custom user database
问题描述
我开发一个Web API 2.1服务需要连接的客户端(即我将创建和控制HTML5 / JS客户端)进行身份验证。不幸的是,用户信息(用户名,密码哈希,角色很多,很多详细信息)存储在现有的(SQL Server)的数据库,而我只有读权限。在用户数据库表创建5 - 6年前,没有任何参考的安全框架,所以这是一个完全自定义的格式。我不能做任何修改数据或者数据库结构。
I am developing a Web API 2.1 service that needs to authenticate the connecting clients (HTML5/JS clients that I will create and control). Unfortunately, the user information (username, password hashes, roles and much, much more info) is stored in an existing (SQL Server) database to which I only have read access. The Users database table was created 5-6 years ago without any reference to security frameworks, so it's a completely custom format. I'm not allowed to make any changes to either the data or the database structure.
按<一个启发href=\"http://www.$c$cproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API\">this文章,我滚了验证用户身份的我自己的基于令牌的方法,但我缺乏利用已建立的安全框架的完整性和(再)保险。
Inspired by this article, I rolled my own token-based method of authenticating users, but I'm lacking the completeness and (re)assurance of using an established security framework.
是否有整合现有的框架,例如一种方式OAuth2用户,我当前的项目内给予我上面提到的限制?我不知道这有什么差别,但我使用OWIN自托管。
Is there a way to integrate an existing framework, e.g. OAuth2, within my current project given the constraints I mentioned above? I don't know if it makes any difference, but I'm self-hosting using OWIN.
编辑:我不知道为什么两个人downvoted这个问题 - 是不是真的那么糟吗?这是一个真正的问题,就我而言,我很想有一个答案(即使是的不,你不能这样做,因为... 的)。如果这些人能在注释说明自己的理由,那会是AP preciated。
I don't know why a couple of people downvoted this question - is it really that bad? It's a genuine question as far as I'm concerned, and I would love to have an answer (even if it's "no, you can't do that because..."). If those people can explain their reasons in a comment, that'd be appreciated.
推荐答案
这是一个很好的回答类似的问题。
它基本上是说:
This is a good answer to a similar question. It basically says:
- 请它实现了一个自定义的用户类
IUSER
- 定义自定义用户存储,它实现
公共类UserStoreService
:IUserStore&LT; CustomUser&gt;中IUserPasswordStore&LT; CustomUser&GT; - 电线的一切行动
既然答案是pretty广泛我只是提供了基本的步骤......
详情请看这里:<一href=\"http://stackoverflow.com/questions/20529401/how-to-customize-authentication-to-my-own-set-of-tables-in-asp-net-web-api-2\">How定制验证我自己的一套在asp.net网页API表2?
Since the answer is pretty extensive I just provided the basic steps... details are here: How to customize authentication to my own set of tables in asp.net web api 2?
这也同样适用于网页API一个非常有价值的内容:
This is also a very valuable content which also applies to web api:
定制ASP.NET验证通过身份通过的JumpStart
https://www.youtube.com/watch?v=uhfEAD2LqYw
这里是一个链接的另一个版本(因为链路被报告为死亡):
https://www.youtube.com/watch?v=zKTseyrwr4o
心连心
这篇关于使用自定义用户数据库的Web API令牌认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!