MVC-6 VS MVC-5 BearerAuthentication在网页API [英] MVC-6 vs MVC-5 BearerAuthentication in Web API

问题描述

我有使用UseJwtBearerAuthentication以我的身份服务器的Web API项目。
在启动配置方法如下：

I have a Web API project that use UseJwtBearerAuthentication to my identity server. Config method in startup looks like this:

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    app.UseJwtBearerAuthentication(options =>
    {
        options.AutomaticAuthentication = true;
        options.Authority = "http://localhost:54540/";
        options.Audience = "http://localhost:54540/";
    });

    // Configure the HTTP request pipeline.
    app.UseStaticFiles();

    // Add MVC to the request pipeline.
    app.UseMvc();
}

这是工作，我想做同样的事情在MVC5项目。我试图做这样的事情：

This is working, and I want to do the same thing in an MVC5 project. I tried to do something like this:

网页API：

public class SecuredController : ApiController
    {
            [HttpGet]
            [Authorize]
            public IEnumerable<Tuple<string, string>> Get()
            {
                var claimsList = new List<Tuple<string, string>>();
                var identity = (ClaimsIdentity)User.Identity;
                foreach (var claim in identity.Claims)
                {
                    claimsList.Add(new Tuple<string, string>(claim.Type, claim.Value));
                }
                claimsList.Add(new Tuple<string, string>("aaa", "bbb"));

                return claimsList;
            }
}

我不能把网页API，如果是设置属性[授权]（如果我删除这比它在工作）

I can't call web api if is set attribute [authorized] (If I remove this than it is working)

我创建的启动。这code是从来没有所谓的，我不知道是什么改变，使其工作。

I created Startup. This code is never called and I don't know what to change to make it work.

[assembly: OwinStartup(typeof(ProAuth.Mvc5WebApi.Startup))]
namespace ProAuth.Mvc5WebApi
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureOAuth(app);
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config);
            app.UseWebApi(config);
        }

        public void ConfigureOAuth(IAppBuilder app)
        {
            Uri uri= new Uri("http://localhost:54540/");
            PathString path= PathString.FromUriComponent(uri);

            OAuthAuthorizationServerOptions OAuthServerOptions = new OAuthAuthorizationServerOptions()
            {
                AllowInsecureHttp = true,
                TokenEndpointPath = path,
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
                Provider = new SimpleAuthorizationServerProvider()
            };

            // Token Generation
            app.UseOAuthAuthorizationServer(OAuthServerOptions);
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

        }

    }

    public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
    {
        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            context.Validated();
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {

            context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });

            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim("sub", context.UserName));
            identity.AddClaim(new Claim("role", "user"));

            context.Validated(identity);

        }
    }

}

目标是从网页API索赔返回客户端应用程序。采用承载认证。

感谢您的帮助。

goal is to return claims from web api to client app. using Bearer Authentication.
Thanks for help.

推荐答案

TL; DR：你不能

授权是指已添加到承载中间件ASP.NET 5一个OpenID连接功能：有一个在OWIN /武士刀版没有这样的事情

Authority refers to an OpenID Connect feature that has been added to the bearer middleware in ASP.NET 5: there's no such thing in the OWIN/Katana version.

请注意：有一个 app.UseJwtBearerAuthentication 扩展武士刀，但不同于它的ASP.NET 5当量，它不使用任何OpenID的连接功能，必须手动配置：你必须提供的发行人名称，用来验证令牌的签名证书：<一href=\"https://github.com/jchannon/katanaproject/blob/master/src/Microsoft.Owin.Security.Jwt/JwtBearerAuthenticationExtensions.cs\">https://github.com/jchannon/katanaproject/blob/master/src/Microsoft.Owin.Security.Jwt/JwtBearerAuthenticationExtensions.cs

Note: there's an app.UseJwtBearerAuthentication extension for Katana, but unlike its ASP.NET 5 equivalent, it doesn't use any OpenID Connect feature and must be configured manually: you'll have to provide the issuer name and the certificate used to verify tokens' signatures: https://github.com/jchannon/katanaproject/blob/master/src/Microsoft.Owin.Security.Jwt/JwtBearerAuthenticationExtensions.cs

这篇关于MVC-6 VS MVC-5 BearerAuthentication在网页API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！