当自定义 SecurityTokenHandler 被触发时? [英] When custom SecurityTokenHandler gets triggered?
问题描述
我有一个简单的 REST Web 服务.我试图实现 SimpleWebToken 安全性,为此我创建了一个自定义的 SecurityTokenHandler 与重写的 CanreadToken 和 ReadToken 然后我在 web.cofig 文件中注册它.
I have a simple REST Web Service. I have tried to implement SimpleWebToken security therefor I created a custom SecurityTokenHandler with overridden CanreadToken and ReadToken then I registered it in web.cofig file.
<system.identityModel>
<identityConfiguration>
<securityTokenHandlers>
<clear/>
<add type="TestTokens.SimpleWebTokenHandler, TestTokens"></add>
</securityTokenHandlers>
<audienceUris>
<clear/>
<add value="http://mytestrealm/"/>
</audienceUris>
</identityConfiguration>
我认为 CanReadToken() 总是被调用,以确保可以处理传入的请求.为什么不叫?
I thought that CanReadToken() is always called, in order to make sure that the incoming request can be handled. Why it is not called?
推荐答案
没错,WIF 管道可用于对用户进行身份验证.看起来您正在寻找更多的 WebAPI 解决方案.我建议使用 Jwt 令牌,因为每个人似乎都倾向于这种方式.看看这里:http://www.cloudidentity.com/blog/2013/06/06/the-json-web-token-handler-for-net-4-5-reaches-ga/
That is correct, WIF plumbing can be used to authenticate users. It looks like you are looking for more of a WebAPI solution. I would recommend using Jwt tokens as everyone seems to be leaning that way. Have a look here: http://www.cloudidentity.com/blog/2013/06/06/the-json-web-token-handler-for-net-4-5-reaches-ga/
我们加入了一些有助于验证 WebAPI 的 jwt 的功能.
We put in some features that help when validating jwt's for WebAPI's.
这篇关于当自定义 SecurityTokenHandler 被触发时?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!