从MVC中的Web API身份验证令牌中提取用户详细信息 [英] Extract User details from web api auth token in MVC

问题描述

我正在将webapi项目用作我的身份验证服务器以及资源服务器.目的是通过Android应用程序访问服务.我也想要在MVC应用程序中编写的Web前端.我最初使用默认的MVC身份验证，但已移至Web Pai分发令牌.我可以从webapi服务接收auth令牌，尽管我可能只是缓存在客户端，但我仍将令牌以cookie的形式发送给客户端.我目前正在运行以下OAuthBearerAuthenticationProvider:

I am using a webapi project as my auth Server and also resource server. The intention is to access the serivice form an Android app. I also want a web front end which is being written in an MVC app. I originally used the default MVC auth but have moved to web pai handing out tokens. I can recieve the auth token form the webapi service and I am sending the token to the client in a cookie although I may just cache is client side. I currently have the following OAuthBearerAuthenticationProvider running:

public class CookieOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        base.RequestToken(context);
        var value = context.Request.Cookies["AuthToken"];
        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }
        return Task.FromResult<object>(null);
    }    
}

在我的启动类中，我有以下方法:

and in my startup class I have this method:

private void ConfigureAuth(IAppBuilder app)
    {

        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
        {

            Provider = new CookieOAuthBearerProvider(),

        });
    }

我在Configuration方法中调用.

which I call in the Configuration method.

我似乎缺少的一点是如何利用将令牌转换为已登录用户的方法.我似乎无法弄清楚反序列化发生的位置.我尝试将configueAuth更改为:

The bit I seem to be missing is how to tap into converting my token into the logged in user. I cant seem to figure out where the deserializtion happens. I have tried changing my configueAuth to:

private void ConfigureAuth(IAppBuilder app)
    {

        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
        {

            Provider = new CookieOAuthBearerProvider(),
            AccessTokenProvider = new AuthenticationTokenProvider()
            {

                OnReceive = receive
            }
        });
    }

    public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
    {
        c.DeserializeTicket(c.Token);
        c.OwinContext.Environment["Properties"] = c.Ticket.Properties;
    });

和我的receive方法被调用. AuthenticationTokenReceiveContext附加了我的令牌，但DeserializeTicket返回null.谁能告诉我我缺少从此令牌获取用户详细信息的信息吗?

and my receive method is being called. The AuthenticationTokenReceiveContext has my token attached but the DeserializeTicket is returning null. Can anyone advise what I am missing to get the User details form this token?

根据以下建议的答案进行更新.现在，状态代码和OAuthBearerAuthenticationOptions如下所示:

UPDATE as per suggested answer below. The Statrup code and OAuthBearerAuthenticationOptions now like like this:

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        ConfigureAuth(app);
        AreaRegistration.RegisterAllAreas();
        FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
        RouteConfig.RegisterRoutes(RouteTable.Routes);
        BundleConfig.RegisterBundles(BundleTable.Bundles);
    }

    private void ConfigureAuth(IAppBuilder app)
    {

        OAuthOpt = new OAuthBearerAuthenticationOptions()
        {

            Provider = new CookieOAuthBearerProvider(),
            AccessTokenProvider = new AuthenticationTokenProvider()
            {

                OnReceive = receive
            }
        };
        app.UseOAuthBearerAuthentication(OAuthOpt);
    }

    public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
    {
        var ticket = OAuthOpt.AccessTokenFormat.Unprotect(c.Token);

    });

    public static OAuthBearerAuthenticationOptions OAuthOpt { get; private set; }
}

但是我仍然得到一个空值.我可以在OAuthBearerAuthenticationOptions上缺少一些相关选项吗?

but I am still getting a null value out. Could I be missing some relevant option on the OAuthBearerAuthenticationOptions?

推荐答案

尝试一下.

将要内联实例化的OAuthBearerAuthenticationOptions保存到Startup.Auth中名为OAuthOpt(或您喜欢的任何东西)的静态变量，并在想要检索用户信息的任何地方使用下面的代码.

Save the OAuthBearerAuthenticationOptions you are instantiating inline to a static variable named OAuthOpt (or anything you like) in Startup.Auth and use the code below wherever you want to retrieve the user information.

Microsoft.Owin.Security.AuthenticationTicket ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);` 

我建议您使用Json Web Tokens (JWT)并使用CustomOAuthProvider自定义令牌生成. 这是Taiseer Joudeh的很好资源，介绍了如何执行此操作.您将必须使用此 nuget包来解码承载令牌.

I suggest you make use of Json Web Tokens (JWT) and customize the token generation using a CustomOAuthProvider. Here is a good resource from Taiseer Joudeh on how to do this. You will have to use this nuget package to decode the bearer tokens.

这篇关于从MVC中的Web API身份验证令牌中提取用户详细信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！