Validate OAuth Bearer Token in Resource Server


Question

I am trying to write my own OAuth authentication server with OAuthAuthorizationServerProvider. The client requests a token from the auth server. If the client credentials are valid, the auth server gives back an access token. Now the client sends the token with every request to the resource server. I am unable to understand how the resource server will validate the token which was generated by the auth server. Can anybody give any example code using OAuthAuthorizationServerProvider?

Below is the implementation that I have tried:

using System.Collections.Generic;
using System.IO;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

public class AuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        // Accepts every client without looking at client_id/client_secret. Good enough for a
        // first local test, but not for anything real: read the credentials with
        // context.TryGetBasicCredentials(...) or context.TryGetFormCredentials(...) and check
        // them before calling Validated().
        context.Validated();
        return Task.FromResult<object>(null);
    }

    public override Task GrantClientCredentials(OAuthGrantClientCredentialsContext context)
    {
        // Needed for grant_type=client_credentials: if no ticket is validated here the middleware
        // answers "unauthorized_client". The identity built here becomes the ticket that is
        // protected inside the access token and later read by the resource server.
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("client_id", context.ClientId ?? string.Empty));
        context.Validated(identity);
        return Task.FromResult<object>(null);
    }

    public override Task TokenEndpoint(OAuthTokenEndpointContext context)
    {
        // Copies any ticket properties into the JSON body of the token response.
        foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
        {
            context.AdditionalResponseParameters.Add(property.Key, property.Value);
        }
        return Task.FromResult<object>(null);
    }

    public override Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        // Debug aid only: this writes a live bearer token to disk in clear text. Remove it
        // before deploying anywhere.
        string path = @"e:\temp\MyTest.txt";
        File.WriteAllText(path, context.AccessToken);
        return base.TokenEndpointResponse(context);
    }
}


using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

[assembly: OwinStartup(typeof(Startup))]

public class Startup
{
    // Kept static so the same bearer options can be reused elsewhere in the application.
    public static OAuthBearerAuthenticationOptions OAuthBearerOptions { get; private set; }

    public void Configuration(IAppBuilder app)
    {
        ConfigureOAuth(app);
    }

    public void ConfigureOAuth(IAppBuilder app)
    {
        OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

        OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            // Lets the token endpoint answer over plain HTTP. Development only: client
            // secrets and bearer tokens would otherwise cross the wire in clear text.
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/Token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(20),
            Provider = new AuthorizationServerProvider(),
        };
        // Issues tokens at /Token ...
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        // ... and validates bearer tokens on incoming requests to this same application.
        app.UseOAuthBearerAuthentication(OAuthBearerOptions);
    }
}

Now I am not able to test it using Postman. Can someone help me if my implementation is correct for client_credentials authorization?

P.S.: I want to debug the TokenEndpointResponse method and also the classes in Startup. How can I do that?

Answer

The token contains the authentication ticket generated by the authorization server. The resource server extracts the ticket from the token and checks that it is valid.

These tasks are accomplished by the Microsoft.Owin.Security.OAuth DLL.

Both the authorization server and the resource server must share the same machine key, which is used to encrypt the authentication ticket inside the token and to decrypt the token to obtain the ticket. You can include it in the web.config of both web sites (servers):

<system.web>
    ...
    <machineKey validationKey="BDE1234FBD71982481D87D815FA0A65B9F5982D123FA96E5672B78ABCD52D58818B479B19FF6D95263E85B0209297E68ABBA7D1E0BD3EABCD5E35742DEA5F2A7" 
        decryptionKey="8E8496D7342EA25ABCDEF6177E04EA00008E359C95E60CD0789456123B9ED2B3" 
        validation="SHA1" decryption="AES" />
    ...
</system.web>

TokenEndpointResponse is the last method executed in the OAuthAuthorizationServerProvider, and only if all the validations in the other methods succeed, so you cannot debug it until the provider works properly.

I based my OAuth server implementation on the following post by Taiseer Joudeh; I think you will see the light reading his explanations and viewing the code.

Hope this helps.
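The answer describes the resource-server side only in prose, so here is what that side looks like in code. This is an added example, not code from the question, the answer, or Taiseer Joudeh's post. It assumes both applications run under IIS (Microsoft.Owin.Host.SystemWeb) with the shared <machineKey> from the answer, that the API uses ASP.NET Web API 2 with attribute routing, and that the authorization server puts a "client_id" claim into the ticket; the ResourceServer namespace and the api/values route are made up for the example. Two caveats a practitioner should know: the machineKey is consulted only on the System.Web host, a self-hosted Katana application defaults to DPAPI, which is bound to the machine, so a self-hosted pair must instead set the same AccessTokenFormat on OAuthAuthorizationServerOptions and OAuthBearerAuthenticationOptions; and the key values shown in the answer are illustrative, so generate your own rather than copying them.

```csharp
// Added example (not from the original page): a separate OWIN resource server that accepts
// bearer tokens issued by the authorization server above. Assumes IIS hosting with the shared
// <machineKey>, Web API 2, and a "client_id" claim placed in the ticket by the auth server.
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.OAuth;
using Owin;

[assembly: OwinStartup(typeof(ResourceServer.Startup))]

namespace ResourceServer
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Bearer middleware only; this application hosts no /Token endpoint. On each request it
            // reads "Authorization: Bearer <token>", unprotects the token with the data protector
            // (machine key under System.Web), rejects expired tickets, and sets the request principal.
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions
            {
                AuthenticationMode = AuthenticationMode.Active
            });

            var config = new HttpConfiguration();
            // Web API must trust only the bearer token, never an ambient cookie from the host,
            // otherwise a logged-in browser session could be replayed against the API (CSRF).
            config.SuppressDefaultHostAuthentication();
            config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
            config.MapHttpAttributeRoutes();
            app.UseWebApi(config);
        }
    }

    // Every action here requires a valid, unexpired bearer token; anything else gets 401.
    [Authorize]
    [RoutePrefix("api/values")]
    public class ValuesController : ApiController
    {
        [Route("")]
        public IHttpActionResult Get()
        {
            // The claims are exactly those the authorization server put into the ticket when
            // it called context.Validated(identity); nothing is fetched from the auth server.
            var identity = (ClaimsIdentity)User.Identity;
            Claim clientClaim = identity.FindFirst("client_id"); // assumed claim name
            string clientId = clientClaim == null ? null : clientClaim.Value;

            return Ok(new { client = clientId, name = identity.Name });
        }
    }
}
```

To exercise it, POST `grant_type=client_credentials` (plus client_id and client_secret) as form data to the authorization server's /Token endpoint, then send `GET /api/values` to the resource server with `Authorization: Bearer <access_token>`. A token older than AccessTokenExpireTimeSpan, one issued under a different machine key, or one with a single byte changed all fail the unprotect step and produce a 401 without any call back to the authorization server.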
