在网页API使用OAuth认证 [英] Authentication using OAuth in Web API

问题描述

我正在使用ASP.Net MVC5其中还包括一个Web API的项目。该API将是仅供内部使用。我使用的OWIN库供应商的认证。

I'm working on a project using ASP.Net MVC5 which also includes a Web API. The API will be for internal use only. I'm using the OWIN library to provider authentication.

我有困难的时候搞清楚如何正确通过API实现身份验证。我打算使用OAuth 2.0，但与OAuth的问题是，用户需要通过浏览器页面，而不是本机的登录界面登录。所以我想知道是否有可能以某种方式跳过浏览器。

I'm having a difficult time figuring out how to correctly implement authentication through the API. I was planning on using OAuth 2.0 but the problem with OAuth is that the user needs to login through a browser page instead of a native login screen. So I was wondering if it is possible to somehow skip the browser.

我发现<一个href=\"https://katanaproject.$c$cplex.com/SourceControl/latest#tests/Katana.Sandbox.WebServer/Startup.cs\">this例如创造它自己的OAuth授权服务器。不过，这并不说明如何让本地登录

I've found this example which creates it's own OAuth Authorization Server. But it doesn't show how to make the login native.

推荐答案

如果它是一个高度受信任的客户端，那么你可以使用的OAuth2资源所有者口令流。你可以看一下在VS2013 SPA模板和/或对这个职位阅读：

If it's a highly trusted client, then you can use the OAuth2 resource owner password flow. You can look at the VS2013 SPA template and/or read on this post:

<一个href=\"http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/\">http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/

这篇关于在网页API使用OAuth认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！