Manually decode OAuth bearer token in C#


Question

In my Web Api 2.2 OWIN based application I have a situation where I manually need to decode the bearer token but I don't know how to do this. This is my startup.cs

public class Startup
{
    public static OAuthAuthorizationServerOptions OAuthServerOptions { get; private set; }
    public static UnityContainer IoC;
    public void Configuration(IAppBuilder app)
    {
        //Set Auth configuration
        ConfigureOAuth(app);

        // ...and other stuff
    }

    public void ConfigureOAuth(IAppBuilder app)
    {
        OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new AuthProvider(IoC.Resolve<IUserService>(), IoC.Resolve<IAppSettings>())
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

In my controller I'm sending the bearer token as a parameter

[RoutePrefix("api/EP")]
public class EPController : MasterController
{
    [HttpGet]
    [AllowAnonymous]
    [Route("DC")]
    public async Task<HttpResponseMessage> GetDC(string token)
    {
        //Get the claim identity from the token here
        //Startup.OAuthServerOptions...

        //..and other stuff
    }
}

How to manually decode and get the claims from the token passed as a parameter?

NOTE: I know I can send the token in the header and use [Authorize] and (ClaimsIdentity)User.Identity etc but the question is how to read the token when it's not presented in the header.

Recommended answer

I created a sample project for deserializing bearer tokens, which are encrypted using the MachineKeyDataProtector. You can take a look at the source code.

Bearer-Token-Deserializer
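
One way to read the claims inside the same application, as an added example that is not from the original post or the linked project. It assumes the question's static Startup.OAuthServerOptions and that the authorization server middleware has populated its AccessTokenFormat (it creates a default one when none is configured); BearerTokenReader and ReadIdentity are hypothetical names. The helper checks expiry itself because that check normally happens in the bearer authentication middleware, not in Unprotect.

```csharp
using System;
using System.Security.Claims;
using Microsoft.Owin.Security;

// Hypothetical helper, not part of the original post.
public static class BearerTokenReader
{
    // Returns the identity carried by the token, or null when the token
    // is missing, cannot be unprotected, or has expired.
    public static ClaimsIdentity ReadIdentity(
        string token,
        ISecureDataFormat<AuthenticationTicket> format,
        DateTimeOffset nowUtc)
    {
        if (string.IsNullOrWhiteSpace(token) || format == null)
        {
            return null;
        }

        // Unprotect decodes the token, verifies and decrypts it with the
        // same data protector that issued it, and deserializes the ticket.
        // A tampered or foreign token yields null.
        AuthenticationTicket ticket = format.Unprotect(token);
        if (ticket == null || ticket.Identity == null)
        {
            return null;
        }

        // Unprotect does not enforce AccessTokenExpireTimeSpan; the expiry
        // is stored in the ticket properties and must be compared here.
        DateTimeOffset? expires = ticket.Properties.ExpiresUtc;
        if (expires.HasValue && expires.Value < nowUtc)
        {
            return null;
        }

        return ticket.Identity;
    }
}

// Usage inside the question's GetDC(string token) action (assumed wiring):
//   ClaimsIdentity identity = BearerTokenReader.ReadIdentity(
//       token, Startup.OAuthServerOptions.AccessTokenFormat, DateTimeOffset.UtcNow);
//   if (identity == null) { return Request.CreateResponse(HttpStatusCode.Unauthorized); }
```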
