使用自定义用户数据库进行 Web API 令牌身份验证 [英] Web API token authentication with a custom user database
问题描述
我正在开发需要验证连接客户端(我将创建和控制的 HTML5/JS 客户端)的 Web API 2.1 服务.不幸的是,用户信息(用户名、密码哈希、角色和更多信息)存储在我只有读取权限的现有(SQL Server)数据库中.Users 数据库表是在 5-6 年前创建的,没有参考任何安全框架,因此它是一种完全自定义的格式.我不允许对数据或数据库结构进行任何更改.
I am developing a Web API 2.1 service that needs to authenticate the connecting clients (HTML5/JS clients that I will create and control). Unfortunately, the user information (username, password hashes, roles and much, much more info) is stored in an existing (SQL Server) database to which I only have read access. The Users database table was created 5-6 years ago without any reference to security frameworks, so it's a completely custom format. I'm not allowed to make any changes to either the data or the database structure.
灵感来自这篇文章,我推出了自己的基于令牌的用户身份验证方法,但缺乏使用既定安全框架的完整性和(再)保证.
Inspired by this article, I rolled my own token-based method of authenticating users, but I'm lacking the completeness and (re)assurance of using an established security framework.
有没有办法集成现有的框架,例如OAuth2,在我当前的项目中考虑到我上面提到的限制?我不知道这是否有什么不同,但我使用 OWIN 进行自托管.
Is there a way to integrate an existing framework, e.g. OAuth2, within my current project given the constraints I mentioned above? I don't know if it makes any difference, but I'm self-hosting using OWIN.
推荐答案
这是对类似问题的一个很好的回答.它基本上说:
This is a good answer to a similar question. It basically says:
- 制作一个实现
IUser的自定义用户类 - 定义一个实现
公共类UserStoreService的自定义用户存储: IUserStore, IUserPasswordStore - 连接一切
由于答案相当广泛,我只提供了基本步骤...详细信息在这里:如何在asp.net web api 2 中自定义对我自己的一组表的身份验证?
Since the answer is pretty extensive I just provided the basic steps... details are here: How to customize authentication to my own set of tables in asp.net web api 2?
这也是一个非常有价值的内容,同样适用于 web api:
This is also a very valuable content which also applies to web api:
通过 JumpStart 自定义带有身份的 ASP.NET 身份验证
https://channel9.msdn.com/Series/Customizing-ASPNET 身份验证
HTH
这篇关于使用自定义用户数据库进行 Web API 令牌身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
