验证的Azure移动服务令牌在服务的WebAPI [英] Validating Azure Mobile Service token in a WebApi service

问题描述

我想实现的一个跨平台的移动应用程序消耗的WebAPI服务认证和鉴定。

I am trying to implement authenticating and identification on a cross-platform mobile application consuming a WebApi service.

我的计划是认证出口到联合云服务，如新的Azure移动服务。客户Mobile应用程序会消耗移动服务认证流程，获得令牌，将有比它的要求头到的WebAPI，这反过来将验证它，并从中提取的用户ID发送里面

My plan is to export the authentication to a federated cloud service, such as the new Azure Mobile Service. The Client Mobile application will consume the Mobile Service authentication flow, get a token, and will than have it sent inside the requests' headers to the WebApi, which in turn will validate it and extract the UserId from it.

假设我已经配置了智威汤逊的WebAPI令牌使用 DelegatingHandler 拦截器的验证，
是否有可能来验证在Azure移动服务发出的令牌？

Assuming I already configured the WebApi the validate JWT tokens using DelegatingHandler interceptor, is it possible to validate tokens issued by the Azure Mobile Service?

什么是对SymmetricKey，发行人，与受众正确的价值观？

What would be the correct values for SymmetricKey, Issuer, and Audience?

我在正确的方向前进？

推荐答案

从 HTTP的职位：//www.thejoyof$c$c.com/Generating_your_own_ZUMO_auth_token_Day_8_.aspx 展示了如何的生成的一个蓝色的手机信息服务的道理，但有你需要验证它的信息，以及。基本上，关键你需要使用来验证它是从服务中的主键的（不分发关键，任何客户端，但如果它是codeD安全地为您服务，这应该是精细）。观众取决于其创建的标记提供商（例如，为FB，它的字符串脸谱）。发行人设置为金塔：微软：Windows的蔚蓝色。谟

The post at http://www.thejoyofcode.com/Generating_your_own_ZUMO_auth_token_Day_8_.aspx shows how to generate an Azure Mobile Service token, but that has the information you need to validate it as well. Basically, the key you need to use to validate it is the master key from the service (do not distribute that key to any clients, but if it's coded securely in your service, that should be fine). The audience depends on the provider which created the token (e.g., for FB, it's the string "Facebook"). The issuer is set to urn:microsoft:windows-azure:zumo.

这篇关于验证的Azure移动服务令牌在服务的WebAPI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！