ASP.NET Web Api:如何使用 URL 参数传递访问令牌 (oAuth 2.0)? [英] ASP.NET Web Api: How to pass an access token (oAuth 2.0) using URL parameter?
问题描述
你知道我如何在url参数中使用由默认asp.net web api 2 OAuth 2授权机制生成的access_token.目前,我可以通过发送带有 Authorization 标头的请求来成功授权,如下所示:
Do you have any idea how I can use, an access_token generated by the default asp.net web api 2 OAuth 2 authorization mechanism, in the url parameters. Currently I am able to authorize successfully by sending a request with Authorization header like this:
Accept: application/json
Content-Type: application/json
Authorization: Bearer pADKsjwMv927u...
我想要的是通过这样的 URL 参数启用授权:
What I want is to enable the authorization through URL parameter like this:
https://www.domain.com/api/MyController?access_token=pADKsjwMv927u...
推荐答案
好吧 - 我同意标题是一个更好的选择 - 但当然也有需要查询字符串的情况.OAuth2 规范也对其进行了定义.
Well - I agree that the header is a much better alternative - but there are of course situations where the query string is needed. The OAuth2 spec defines it as well.
无论如何 - 此功能内置在 Katana OAuth2 中间件中:
Anyways - this feature is built into the Katana OAuth2 middleware:
public class QueryStringOAuthBearerProvider : OAuthBearerAuthenticationProvider
{
readonly string _name;
public QueryStringOAuthBearerProvider(string name)
{
_name = name;
}
public override Task RequestToken(OAuthRequestTokenContext context)
{
var value = context.Request.Query.Get(_name);
if (!string.IsNullOrEmpty(value))
{
context.Token = value;
}
return Task.FromResult<object>(null);
}
}
然后:
var options = new JwtBearerAuthenticationOptions
{
AllowedAudiences = new[] { audience },
IssuerSecurityTokenProviders = new[]
{
new SymmetricKeyIssuerSecurityTokenProvider(
issuer,
signingKey)
},
Provider = new QueryStringOAuthBearerProvider("access_token")
};
这篇关于ASP.NET Web Api:如何使用 URL 参数传递访问令牌 (oAuth 2.0)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!