如何将授权令牌从一个webapi传递到另一个webapi? [英] How to pass Authorization token from one webapi to other webapi?

问题描述

我在Azure AD中配置了两个applications.一个是称为app-A的Web API，另一个是名为app-B的Web API.

I have configured two applications in Azure AD. One is a Web API called app-A and another is a Web API called app-B.

如何使用客户端凭据令牌在app-A处生成令牌 并将令牌传递给app-B?

how to I generate a token at app-A using client credentials token and pass that token to app-B?

推荐答案

如果我理解您的问题正确，那么您想将授权令牌从一个Web API服务转发到另一个Web API?

If I understand your question correct you want to forward Authorization token from one Web API service to another Web API?

这是我的方法:

• 创建请求上下文中存在的会话上下文.这是通过使用Unity和HierarchicalLifetimeManager完成的.
• 从app-a的请求中提取所有标头，并将其放入会话上下文中
• 在调用app-b之前，使用HttpClient插入cookie.

• Create a session context that exists within the request context. This is done by using Unity and HierarchicalLifetimeManager.
• Extract all headers from the request at app-a and put it into the session context
• Using the HttpClient to insert the cookies before calling app-b.

如果愿意，您也可以只提取令牌而不是提取所有cookie.

If you want to, you could also just extract the token only instead of all cookies.

SessionContext

public class SessionContext
{
    public string Token { get; private set; }
    public CookieHeaderValue Cookies { get; private set; }
    public void SetToken(string token)
    {
        if(Token != null)
            throw new InvalidOperationException("Token is already set in this session.");

        Token = token;
    }

    public void SetCookies(CookieHeaderValue cookies)
    {
        if (Cookies != null)
            throw new InvalidOperationException("Cookies is already set in this session.");
        Cookies = cookies;
    }
}

CookieFetcher

/// <summary>  ActionFilter to extract all cookie and add it to the <see cref="SessionContext"/>. </summary>
public class CookieFetcherAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext actionContext)
    {
        var cookies = actionContext.Request.Headers.GetCookies().SingleOrDefault();

        if (cookies == null)
            return;

        var sessionContext = actionContext.Request.GetDependencyScope().GetService<SessionContext>();
        sessionContext.SetCookies(cookies);
    }
}

统一配置

// Gets a new TokenProvider per request
container.RegisterType<SessionContext>(new HierarchicalLifetimeManager()); 

客户

public class Client
{
    private CookieHeaderValue Cookies => sessionContext.Cookies;

    public Client(SessionContext sessionContext)
    {
        this.sessionContext = sessionContext;
    }

    private HttpClient CreateHttpClient()
    {
        // If cookie/sessionId based authentication is used. 
        if (Cookies != null)
        {
            handler.CookieContainer = ConvertToCookieContainer(Cookies, baseUri.GetRootHostName());
            handler.UseCookies = true;
        }

        var client = new HttpClient(handler, true);
        client.BaseAddress = baseUri;

        return client;
    }

    private static CookieContainer ConvertToCookieContainer(CookieHeaderValue cookies, string cookiePath)
    {
        var container = new CookieContainer();
        foreach (var cookie in cookies.Cookies)
        {
            container.Add(new Cookie(cookie.Name, cookie.Value, "/", cookiePath));
        }
        return container;
    }
}

这篇关于如何将授权令牌从一个webapi传递到另一个webapi?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！