.NET的Web API 2 OWIN承载令牌认证直接调用 [英] .NET Web API 2 OWIN Bearer Token Authentication direct call

问题描述

我有一个问题，我的网络API项目。
我保存在我的数据库文件，而想直接打电话给他们在新窗口中查看/保存（URL，如：/ API /文件/ 5 - 5 beeing的FILEID）

I have a problem with my Web Api Project. I have files stored in my Database and want to call them directly in a new window to view/save (URL like : /api/Files/5 - 5 beeing the FileId)

我已经功成名就的承载令牌与AngularJS对于正常的数据我一般AJAX请求工作，它的工作原理就像一个魅力。为文件I创建了一个控制器，显示与相应的MIME类型浏览器中的文件。但现在我改变了行动，[授权]我收到拒绝访问这是正确的，因为我没有通过在HTTP标头的的access_token。

I got everthing working with the Bearer Token for my general AJAX requests with AngularJS for normal Data and it works like a charm. For the file I created a Controller that shows the file in the browser with the corresponding MIME-Type. But now that I changed the action to [Authorize] I get an Access Denied which is correct because I didnt pass an access_token in the HTTP-Header.

我做了相当长的一段研究是否可以通过查询字符串传递令牌，但没有发现任何有用的。

I did quite some research if it is possible to pass the Token via the querystring but didn't find anything helpful.

现在我的计划是从我的控制器中删除[授权]属性，并尝试验证令牌自己，但我不知道怎么办。

Now my plan is to remove the [Authorize] Attribute from my Controller and try to validate the token myself but I don't know how.

任何人都知道我能得到它的工作？

Anyone know how I can get it to work?

推荐答案

我实现承载我的应用程序（AngularJS，2的WebAPI）令牌认证和我有类似的问题 - 我需要允许通过单击链接上下载文件。当你点击一个链接标题不发送。 :(
所以，我送一个查询字符串令牌值下载文件

I implemented bearer token authentication in my app (AngularJS, WebAPI 2) and I had similar problem - I needed to allow downloading files by clicking on a link. When you click on a link headers are not sent. :( So, I sent the token value in a query string to download a file

... / mywebapp / API /文件/ GETFILE / 3？=的access_token ... jaCOTrGsaak6Sk0CpPc1

.../mywebapp/api/files/getfile/3?access_token=jaCOTrGsaak6Sk0CpPc1...

和设置授权头中Startup.Auth.cs令牌值。这里是code：

and set "Authorization" header to the token value in Startup.Auth.cs. Here is the code:

public void ConfigureAuth(IAppBuilder app)
{
    //It needs for file downloads
    app.Use(async (context, next) =>
    {
        if (context.Request.QueryString.HasValue)
        {
            if (string.IsNullOrWhiteSpace(context.Request.Headers.Get("Authorization")))
            {
                var queryString = HttpUtility.ParseQueryString(context.Request.QueryString.Value);
                string token = queryString.Get("access_token");

                if (!string.IsNullOrWhiteSpace(token))
                {
                    context.Request.Headers.Add("Authorization", new[] { string.Format("Bearer {0}", token) });
                }
            }
        }

        await next.Invoke();
    });
    // Enable the application to use bearer tokens to authenticate users
    app.UseOAuthBearerTokens(OAuthOptions);
}

这篇关于.NET的Web API 2 OWIN承载令牌认证直接调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！