添加授权标头与访问令牌使用MvcHandler每个请求 [英] Adding authorization header with access token for every request using MvcHandler

问题描述

我想，以实现对资源服务器的OAuth 2.0资源访问权限。我已经获得令牌，并希望将令牌传递到资源服务器，使服务器资源可以与为每个请求授权服务器验证，传递令牌在HTTP头
（例如授权：承载mF_9.B5f-4.1JqM）。

I'm trying to implement OAuth 2.0 resource access for the resource server. I have acquired a token and want to pass that token to the resource server so that resource server could validate with the authorization server for every request, passing the token in the http header (e.g. Authorization: Bearer mF_9.B5f-4.1JqM).

我使用MVC 4，我已经告诉MvcHandler应该用来实现这一可是我不知道从哪里开始。任何人都可以点我上应该做什么一个大方向？我已经有一大堆的动作和控制器，并希望把这个层上那些顶部而不是要回的每一个动作和变化的和/或装饰每一个动作。

I'm using MVC 4, and I've been told MvcHandler should be used to achieve this However I'm not sure where to start. Can anyone point me to a general direction on what should be done? I already have bunch of actions and controllers and want to put this layer on top of those instead of going back to every action and changing and/or decorating each action.

推荐答案

使用的验证器

认证过滤器是一种新型的过滤器在ASP.NET MVC的
  运行之前，在ASP.NET MVC授权管道和过滤器
  让你的每次动作指定验证逻辑，每个控制器，
  或全球所有控制器。认证过程中的过滤器
  凭据请求，并提供相应的本金。
  验证器还可以添加认证挑战
  针对未授权的请求。

Authentication filters are a new kind of filter in ASP.NET MVC that run prior to authorization filters in the ASP.NET MVC pipeline and allow you to specify authentication logic per-action, per-controller, or globally for all controllers. Authentication filters process credentials in the request and provide a corresponding principal. Authentication filters can also add authentication challenges in response to unauthorized requests.

您只需要执行 IAuthenticationFilter 为您的需要进行注册，它的完成。

You just need to implement the IAuthenticationFilter for your needs register it and it's done.

public class YourAuthenticationAttribute : ActionFilterAttribute, IAuthenticationFilter
    {
        public void OnAuthentication(AuthenticationContext filterContext)
        {            
        }

        public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
        {   
            if (user.Identity.IsAuthenticated == false)
            {
                 filterContext.Result = new HttpUnauthorizedResult();
            }
        }
    }

如果你希望它是全球性的它添加为全局过滤器的 FilterConfig.cs

If you want it to be global add it as a global filter in FilterConfig.cs

public static void RegisterGlobalFilters(GlobalFilterCollection filters)
{
    filters.Add(new YourAuthenticationAttribute());
}

更多信息：

ASP.NET MVC 5认证过滤器

ASP.NET MVC 5认证过滤器

身份验证筛选器>

AUTHENTICATION FILTERS IN ASP.NET MVC 5

最后，新的ASP.NET MVC认证5过滤器！

这篇关于添加授权标头与访问令牌使用MvcHandler每个请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！