但严重.... ASP.NET的WebAPI实施例其中包括OAuth [英] But Seriously.... Example of ASP.NET WebAPI implementation including OAuth
问题描述
我真的不感兴趣WCF样本英寸该DotNetOpenAuth实现,我觉得也是不全或的假设WCF 。我发现<一个href=\"https://github.com/thinktecture/Thinktecture.IdentityServer.45\">Thinkitecture.IdentityServer.45这是什么,但重量轻,是不是真的适合建设成我的新的WebAPI项目。我甚至发现,几乎没有真正的信息 Oauth2DotNet 项目。
I'm really not interested in WCF samples. The DotNetOpenAuth implementations that I found are also incomplete or assume WCF. I've found Thinkitecture.IdentityServer.45 which is anything but lightweight and isn't really appropriate for building into my new WebAPI project. I even found the Oauth2DotNet project that has almost no real information.
微软发布了一个几个的Oauth / OpenID的相关项目,但我甚至找不到合适的文档这些无论是。
Microsoft has posted a few Oauth/OpenID related projects, but I can't even find proper documentation for these either.
我的项目:创建一个新的网站,为使用.NET 4.5和ASP.NET的WebAPI授权的移动应用程序REST风格的API服务。由于这些应用程序不一定必须采取行动代表用户,我们认为,2条腿的Oauth是可以接受的,因为我们想关机,如果一个特定的应用程序失控的拒绝访问我们的API的能力手。
My project: Create a new site to provide "REST-style" API services for authorized mobile applications using .NET 4.5 and ASP.NET WebAPI. Since these applications don't necessarily have to act on behalf of a user, we believe that "2-legged" Oauth will be acceptable because we would like the ability to shut down and deny access to our API if a specific application gets out of hand.
出了这一切,我花了一周时间试图获得一个基本的实现工作,但还没有能够识别各种令牌类型和什么使标记本身。这确实不应该这么难,我觉得缺乏所涉及很令人沮丧的主题基本信息。是的,规范张贴,但无处他们在蒸馏水,并准备实施。
Out of all of this, I've spent a week trying to get a basic implementation working, but haven't even been able to identify the various token types and what makes up the tokens themselves. This really shouldn't be so difficult and I find the lack of basic information on the topics involved quite frustrating. Yes, the specs are posted, but nowhere are they distilled and ready for implementation.
我想要的理想解决方案扩展到与WepAPI的身份验证属性正确地集成,可能是作为一个ActionFilter / AuthorizationFilter,所以我可以尝试授权给一个或多个我优雅REST-的访问前,识别和认证远程应用程序FUL API方法。
I'd like the ideal solution to extend to integrate properly with the WepAPI's Authenticate attribute, probably as an ActionFilter/AuthorizationFilter so I can identify and authenticate the remote application before attempting to authorize access to one or more of my elegant REST-ful API methods.
在哪儿了入门?
推荐答案
基本上, HMAC认证就足以解决您的问题,这里看看:
Basically, HMAC authentication is enough to solve your problem, check out in here:
<一个href=\"http://stackoverflow.com/questions/11775594/how-to-secure-an-aspnet-mvc-web-api/11782361#11782361\">How确保一个MVC ASPNET网络API
和
<一个href=\"http://stackoverflow.com/questions/11830338/mvc-4-web-api-creating-api-keys/11831391#11831391\">MVC 4 Web.API创建API密钥
这篇关于但严重.... ASP.NET的WebAPI实施例其中包括OAuth的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
