Passing and verifying the OWIN Bearer token in Query String in WebAPI

Problem description

Short Version: I need to pass and verify the OWIN bearer token as a query parameter rather than in the request header.

How do I then get the method to authorize based on that token string?

Background: I want to call a webapi method to download a file as a stream (and never want the user to download it from a known file location).

I can't get this to work if I also need to set a custom Request header i.e. the bearer token.

I should be able to pass the token in the query string - but don't know how to get that token to then authenticate the user.

Do I need to filter? Do I need a special claim etc? Does the webapi method need to include "access_token" as one of the function parameters?

Recommended answer

I wrote about how that works here: http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/
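
As an added example (not taken from the answer or the linked post), here is one way to let the Katana bearer middleware pick up the token from the query string. The class name `QueryStringBearerProvider` and the `/api/files` path prefix are assumptions; `access_token` is the parameter name used in the question.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical provider: accepts a query-string token only for GET requests
// to the download endpoint, and only when no Authorization header was sent.
public class QueryStringBearerProvider : OAuthBearerAuthenticationProvider
{
    // Assumption: file downloads are served under this path prefix.
    private static readonly PathString DownloadPath = new PathString("/api/files");

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        // context.Token is already set when an "Authorization: Bearer ..." header exists.
        if (string.IsNullOrEmpty(context.Token)
            && string.Equals(context.Request.Method, "GET", StringComparison.OrdinalIgnoreCase)
            && context.Request.Path.StartsWithSegments(DownloadPath))
        {
            string fromQuery = context.Request.Query.Get("access_token");
            if (!string.IsNullOrWhiteSpace(fromQuery))
            {
                // The middleware validates this value exactly like a header token.
                context.Token = fromQuery;
            }
        }
        return base.RequestToken(context);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
        {
            Provider = new QueryStringBearerProvider()
        });
        // Web API registration follows. The download action keeps its normal
        // [Authorize] attribute and needs no access_token method parameter.
    }
}
```

A token carried in a URL is recorded in server and proxy logs and in browser history, so limiting the query-string path to the download endpoint and issuing short-lived tokens for it keeps the exposure small.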
