传递和的WebAPI核实查询字符串中OWIN承载令牌 [英] Passing and verifying the OWIN Bearer token in Query String in WebAPI
问题描述
短版本:
我需要传递和验证OWIN轴承令牌作为查询参数,而不是在请求标头。
Short Version: I need to pass and verify the OWIN bearing token as a query parameter rather than in the request header.
我如何再拿到方法来授权基于令牌的字符串?
How do I then get the method to authorized based on that token string?
背景:
我想调用一个方法的WebAPI下载文件作为流(永不希望用户从已知的文件位置下载)。
Background: I want to call a webapi method to download a file as a stream (and never want the user to download it from a known file location).
我不能得到这个工作,如果我还需要设置一个自定义的请求头即承载令牌。
I can't get this to work if I also need to set a custom Request header i.e. the bearer token.
我应该能够通过令牌在查询字符串 - 但不知道如何获取令牌,然后验证用户
I should be able to pass the token in the query string - but don't know how to get that token to then authenticate the user.
我需要过滤?我是否需要特殊的索赔等?
请问的WebAPI方法需要包括的access_token作为函数的参数之一?
Do I need to filter? Do I need a special claim etc? Does the webapi method need to include "access_token" as one of the function parameters?
推荐答案
我写了一篇关于如何工作在这里:
<一href=\"http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/\" rel=\"nofollow\">http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/
I wrote about how that works here: http://leastprivilege.com/2013/10/31/retrieving-bearer-tokens-from-alternative-locations-in-katanaowin/
这篇关于传递和的WebAPI核实查询字符串中OWIN承载令牌的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!