的ASP.NET Web API：如何通过使用URL参数的访问令牌（OAuth 2.0用户）？ [英] ASP.NET Web Api: How to pass an access token (oAuth 2.0) using URL parameter?

问题描述

你有什么想法，我如何使用，由默认的asp.net网页API 2 2的OAuth认证机制产生的access_token，在URL参数。目前，我能够通过发送授权请求成功授权头是这样的：

 接受：应用/ JSON
内容类型：应用程序/ JSON
授权：承载pADKsjwMv927u ...
 

我要的是能够通过这样的URL参数授权：

  HTTPS：//www.domain.com/api/MyController的access_token = pADKsjwMv927u ...
 

解决方案

嘛 - 我同意的标题是一个更好的选择 - 但也有在需要查询字符串过程中的情况。该的OAuth2规范定义它。

不管怎么说 - 该功能内置于武士刀的OAuth2中间件：

<一个href=\"http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/\">http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

 公共类QueryStringOAuthBearerProvider：OAuthBearerAuthenticationProvider
{
    只读字符串_name;    公共QueryStringOAuthBearerProvider（字符串名称）
    {
        _name =名称;
    }    公众覆盖任务RequestToken（OAuthRequestTokenContext上下文）
    {
        VAR值= context.Request.Query.Get（_name）;        如果（！string.IsNullOrEmpty（值））
        {
            context.Token =价值;
        }        返回Task.FromResult＆LT;对象＆gt;（NULL）;
    }
}
 

和则：

  VAR选项=新JwtBearerAuthenticationOptions
{
    AllowedAudiences =新[] {}观众，
    IssuerSecurityTokenProviders =新[]
        {
            新SymmetricKeyIssuerSecurityTokenProvider（
                发行人，
                signingKey）
        }，
    供应商=新QueryStringOAuthBearerProvider（的access_token）
};
 

Do you have any idea how I can use, an access_token generated by the default asp.net web api 2 OAuth 2 authorization mechanism, in the url parameters. Currently I am able to authorize successfully by sending a request with Authorization header like this:

Accept: application/json
Content-Type: application/json
Authorization: Bearer pADKsjwMv927u...

What I want is to enable the authorization through URL parameter like this:

https://www.domain.com/api/MyController?access_token=pADKsjwMv927u...

解决方案

Well - I agree that the header is a much better alternative - but there are of course situations where the query string is needed. The OAuth2 spec defines it as well.

Anyways - this feature is built into the Katana OAuth2 middleware:

http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/

public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
    readonly string _name;

    public QueryStringOAuthBearerProvider(string name)
    {
        _name = name;
    }

    public override Task RequestToken(OAuthRequestTokenContext context)
    {
        var value = context.Request.Query.Get(_name);

        if (!string.IsNullOrEmpty(value))
        {
            context.Token = value;
        }

        return Task.FromResult<object>(null);
    }
}

And then:

var options = new JwtBearerAuthenticationOptions
{
    AllowedAudiences = new[] { audience },
    IssuerSecurityTokenProviders = new[]
        {
            new SymmetricKeyIssuerSecurityTokenProvider(
                issuer,
                signingKey)
        },
    Provider = new QueryStringOAuthBearerProvider("access_token")
};

这篇关于的ASP.NET Web API：如何通过使用URL参数的访问令牌（OAuth 2.0用户）？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！