Getting an access token in ASP.NET 5


Question

My ASP.NET 5 (MVC 6 + beta7) web application (MVC + WebAPI) is required to get back an access_token from WebAPI login calls.

So far, from googling, I have created the following code for startup.cs:

app.UseOAuthBearerAuthentication(options => {
    options.AutomaticAuthentication = true;
    options.Audience = "http://localhost:62100/";
    options.Authority = "http://localhost:62100/";
});

My client side is:

var login = function ()
{
    var url = "http://localhost:62100/";
    var data = $("#userData").serialize();
    data = data + "&grant_type=password";
    $.post(url, data)
        .success(saveAccessToken)
        .always(showResponse);
    return false;
};

Is it required to use UseOpenIdConnectServer? If so, how do I use SigningCredentials so that I get a token (e.g. MVC5 ApplicationOAuthProvider)?

Please note that my site is a simple demo HTTP site and I do not need any SSL.

Answer

Using AspNet.Security.OpenIdConnect.Server is not "required". You're - of course - free to opt for another server (like IdentityServer) or for a custom solution. Being the main developer behind aspnet-contrib, I'm not really objective, so I'll necessarily suggest going with app.UseOpenIdConnectServer().

In beta3 (for ASP.NET 5 beta8), the OIDC server middleware has been enriched with automatic key generation and persistence, so you no longer have to set signing credentials yourself. Everything is supposed to be transparent. Of course, using an X.509 certificate stored in the machine store is still the recommended approach for production environments.

Here's how you can get started:

public class Startup {
    public void ConfigureServices(IServiceCollection services) {
        services.AddAuthentication();
    }

    public void Configure(IApplicationBuilder app) {
        // Add a new middleware validating the encrypted
        // access tokens issued by the OIDC server.
        app.UseOAuthValidation();

        // Add a new middleware issuing tokens.
        app.UseOpenIdConnectServer(options => {
            options.TokenEndpointPath = "/connect/token";

            options.Provider = new OpenIdConnectServerProvider {
                // Override OnValidateTokenRequest to skip client authentication.
                OnValidateTokenRequest = context => {
                    // Reject the token requests that don't use
                    // grant_type=password or grant_type=refresh_token.
                    if (!context.Request.IsPasswordGrantType() &&
                        !context.Request.IsRefreshTokenGrantType()) {
                        context.Reject(
                            error: OpenIdConnectConstants.Errors.UnsupportedGrantType,
                            description: "Only grant_type=password and refresh_token " +
                                         "requests are accepted by this server.");

                        return Task.FromResult(0);
                    }

                    // Since there's only one application and since it's a public client
                    // (i.e a client that cannot keep its credentials private),
                    // call Skip() to inform the server the request should be
                    // accepted without enforcing client authentication.
                    context.Skip();

                    return Task.FromResult(0);
                },

                // Override OnHandleTokenRequest to support
                // grant_type=password token requests.
                OnHandleTokenRequest = context => {
                    // Only handle grant_type=password token requests and let the
                    // OpenID Connect server middleware handle the other grant types.
                    if (context.Request.IsPasswordGrantType()) {
                        // Do your credentials validation here.
                        // Note: you can call Reject() with a message
                        // to indicate that authentication failed.

                        var identity = new ClaimsIdentity(
                            context.Options.AuthenticationScheme);
                        identity.AddClaim(ClaimTypes.NameIdentifier, "[unique id]");

                        // By default, claims are not serialized
                        // in the access and identity tokens.
                        // Use the overload taking a "destinations"
                        // parameter to make sure your claims
                        // are correctly inserted in the appropriate tokens.
                        identity.AddClaim("urn:customclaim", "value",
                            OpenIdConnectConstants.Destinations.AccessToken,
                            OpenIdConnectConstants.Destinations.IdentityToken);

                        var ticket = new AuthenticationTicket(
                            new ClaimsPrincipal(identity),
                            new AuthenticationProperties(),
                            context.Options.AuthenticationScheme);

                        // Call SetScopes with the list of scopes you want to grant
                        // (specify offline_access to issue a refresh token).
                        ticket.SetScopes("profile", "offline_access");

                        context.Validate(ticket);
                    }

                    return Task.FromResult(0);
                }
            }
        });
    }
}

project.json

{
  "dependencies": {
    "AspNet.Security.OAuth.Validation": "1.0.0-alpha2-final",
    "AspNet.Security.OpenIdConnect.Server": "1.0.0-beta6-final"
  }
}

You can also read this blog post, which explains how to implement the resource owner password grant: http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-implementing-the-resource-owner-password-credentials-grant/
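The following is an added example, not code from the question or the answer, showing the client side of the flow the answer configures: a browser-style client that posts a grant_type=password request to the /connect/token endpoint, validates the token response (or the error the server's Reject() call produces), and uses the refresh token that offline_access grants. The endpoint (the question's host plus the answer's TokenEndpointPath), the user name, the password and the fake server are all assumptions made for the example; the HTTP transport is injected so the block runs offline, and in a browser you would pass window.fetch instead.

```javascript
// Added example (not from the question or the answer). Assumed endpoint:
// the question's host plus the answer's TokenEndpointPath.
const TOKEN_ENDPOINT = "http://localhost:62100/connect/token";

// Encode a body as application/x-www-form-urlencoded. Unlike appending
// "&grant_type=password" to a serialized form, every key and value is
// escaped, so a password containing "&" or "=" cannot alter the request.
function formEncode(params) {
  return Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Check a token response against RFC 6749 sections 5.1 and 5.2 and turn it
// into a client-side record with an absolute expiry timestamp.
function parseTokenResponse(status, body, now = Date.now()) {
  if (status !== 200) {
    // A rejected request (such as the answer's Reject() call) carries
    // "error" and "error_description" instead of tokens.
    const err = new Error(body.error_description || body.error || "token request failed");
    err.code = body.error || "invalid_response";
    throw err;
  }
  if (typeof body.access_token !== "string" || body.access_token === "") {
    throw new Error("token response has no access_token");
  }
  if (typeof body.token_type !== "string" || body.token_type.toLowerCase() !== "bearer") {
    throw new Error("unexpected token_type: " + body.token_type);
  }
  const expiresIn = Number(body.expires_in);
  return {
    accessToken: body.access_token,
    refreshToken: typeof body.refresh_token === "string" ? body.refresh_token : null,
    expiresAt: Number.isFinite(expiresIn) ? now + expiresIn * 1000 : null,
    scope: typeof body.scope === "string" ? body.scope.split(" ") : [],
  };
}

class TokenClient {
  // transport is fetch-compatible: (url, init) -> Promise<{status, json()}>.
  constructor(transport, endpoint = TOKEN_ENDPOINT) {
    this.transport = transport;
    this.endpoint = endpoint;
    this.tokens = null; // kept in memory only, not in localStorage
  }

  async request(params) {
    const res = await this.transport(this.endpoint, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: formEncode(params),
    });
    this.tokens = parseTokenResponse(res.status, await res.json());
    return this.tokens;
  }

  // grant_type=password: the request the question's form submits.
  login(username, password) {
    return this.request({ grant_type: "password", username, password,
                          scope: "profile offline_access" });
  }

  // grant_type=refresh_token: only possible when offline_access was granted.
  refresh() {
    if (!this.tokens || !this.tokens.refreshToken) {
      throw new Error("no refresh token; log in again");
    }
    return this.request({ grant_type: "refresh_token",
                          refresh_token: this.tokens.refreshToken });
  }

  // Build the Authorization header for an API call, refreshing first when
  // the access token expires within skewMs (clock drift allowance).
  async authorizationHeader(now = Date.now(), skewMs = 30000) {
    if (!this.tokens) throw new Error("not logged in");
    if (this.tokens.expiresAt !== null && this.tokens.expiresAt - now < skewMs) {
      await this.refresh();
    }
    return "Bearer " + this.tokens.accessToken;
  }
}

// Constructed fake server standing in for the answer's middleware: it knows
// one (assumed) user, issues opaque tokens, and rejects any other grant type
// the way the answer's OnValidateTokenRequest does.
function fakeTokenServer() {
  let counter = 0;
  const issue = () => {
    counter += 1;
    return { access_token: "at-" + counter, token_type: "Bearer", expires_in: 3600,
             refresh_token: "rt-" + counter, scope: "profile offline_access" };
  };
  const reply = (status, body) => ({ status, json: async () => body });
  return async (url, init) => {
    const form = new URLSearchParams(init.body);
    const grant = form.get("grant_type");
    if (grant === "password") {
      if (form.get("username") === "alice" && form.get("password") === "s3cret&pass=1") {
        return reply(200, issue());
      }
      return reply(400, { error: "invalid_grant", error_description: "bad credentials" });
    }
    if (grant === "refresh_token" && form.get("refresh_token") === "rt-" + counter) {
      return reply(200, issue()); // the previous refresh token is rotated out
    }
    return reply(400, { error: "unsupported_grant_type",
                        error_description: "Only grant_type=password and refresh_token requests are accepted by this server." });
  };
}
```

Usage: `const client = new TokenClient(window.fetch.bind(window)); await client.login(username, password);` and then `await client.authorizationHeader()` before each API call. Compared with the question's jQuery snippet, the differences a reviewer would point at are the target (the token endpoint path rather than the site root), the escaping of every form field, and the check that the response actually carries a bearer access_token before anything is stored.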
