从MVC中的Web API身份验证令牌中提取用户详细信息 [英] Extract User details from web api auth token in MVC
问题描述
我正在将webapi项目用作我的身份验证服务器以及资源服务器.目的是通过Android应用程序访问服务.我也想要在MVC应用程序中编写的Web前端.我最初使用默认的MVC身份验证,但已移至Web Pai分发令牌.我可以从webapi服务接收auth令牌,尽管我可能只是缓存在客户端,但我仍将令牌以cookie的形式发送给客户端.我目前正在运行以下OAuthBearerAuthenticationProvider:
I am using a webapi project as my auth Server and also resource server. The intention is to access the serivice form an Android app. I also want a web front end which is being written in an MVC app. I originally used the default MVC auth but have moved to web pai handing out tokens. I can recieve the auth token form the webapi service and I am sending the token to the client in a cookie although I may just cache is client side. I currently have the following OAuthBearerAuthenticationProvider running:
public class CookieOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
public override Task RequestToken(OAuthRequestTokenContext context)
{
base.RequestToken(context);
var value = context.Request.Cookies["AuthToken"];
if (!string.IsNullOrEmpty(value))
{
context.Token = value;
}
return Task.FromResult<object>(null);
}
}
在我的启动类中,我有以下方法:
and in my startup class I have this method:
private void ConfigureAuth(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new CookieOAuthBearerProvider(),
});
}
我在Configuration方法中调用.
which I call in the Configuration method.
我似乎缺少的一点是如何利用将令牌转换为已登录用户的方法.我似乎无法弄清楚反序列化发生的位置.我尝试将configueAuth更改为:
The bit I seem to be missing is how to tap into converting my token into the logged in user. I cant seem to figure out where the deserializtion happens. I have tried changing my configueAuth to:
private void ConfigureAuth(IAppBuilder app)
{
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new CookieOAuthBearerProvider(),
AccessTokenProvider = new AuthenticationTokenProvider()
{
OnReceive = receive
}
});
}
public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
{
c.DeserializeTicket(c.Token);
c.OwinContext.Environment["Properties"] = c.Ticket.Properties;
});
和我的receive方法被调用. AuthenticationTokenReceiveContext附加了我的令牌,但DeserializeTicket返回null.谁能告诉我我缺少从此令牌获取用户详细信息的信息吗?
and my receive method is being called. The AuthenticationTokenReceiveContext has my token attached but the DeserializeTicket is returning null. Can anyone advise what I am missing to get the User details form this token?
根据以下建议的答案进行更新.现在,状态代码和OAuthBearerAuthenticationOptions如下所示:
UPDATE as per suggested answer below. The Statrup code and OAuthBearerAuthenticationOptions now like like this:
public class Startup
{
public void Configuration(IAppBuilder app)
{
ConfigureAuth(app);
AreaRegistration.RegisterAllAreas();
FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);
RouteConfig.RegisterRoutes(RouteTable.Routes);
BundleConfig.RegisterBundles(BundleTable.Bundles);
}
private void ConfigureAuth(IAppBuilder app)
{
OAuthOpt = new OAuthBearerAuthenticationOptions()
{
Provider = new CookieOAuthBearerProvider(),
AccessTokenProvider = new AuthenticationTokenProvider()
{
OnReceive = receive
}
};
app.UseOAuthBearerAuthentication(OAuthOpt);
}
public static Action<AuthenticationTokenReceiveContext> receive = new Action<AuthenticationTokenReceiveContext>(c =>
{
var ticket = OAuthOpt.AccessTokenFormat.Unprotect(c.Token);
});
public static OAuthBearerAuthenticationOptions OAuthOpt { get; private set; }
}
但是我仍然得到一个空值.我可以在OAuthBearerAuthenticationOptions上缺少一些相关选项吗?
but I am still getting a null value out. Could I be missing some relevant option on the OAuthBearerAuthenticationOptions?
推荐答案
尝试一下.
将要内联实例化的OAuthBearerAuthenticationOptions
保存到Startup.Auth
中名为OAuthOpt
(或您喜欢的任何东西)的静态变量,并在想要检索用户信息的任何地方使用下面的代码.
Save the OAuthBearerAuthenticationOptions
you are instantiating inline to a static variable named OAuthOpt
(or anything you like) in Startup.Auth
and use the code below wherever you want to retrieve the user information.
Microsoft.Owin.Security.AuthenticationTicket ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);`
我建议您使用Json Web Tokens (JWT)
并使用CustomOAuthProvider
自定义令牌生成. 这是Taiseer Joudeh的很好资源,介绍了如何执行此操作.您将必须使用此 nuget包来解码承载令牌.
I suggest you make use of Json Web Tokens (JWT)
and customize the token generation using a CustomOAuthProvider
. Here is a good resource from Taiseer Joudeh on how to do this. You will have to use this nuget package to decode the bearer tokens.
这篇关于从MVC中的Web API身份验证令牌中提取用户详细信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!