WEBAPI 增加身份验证 -OAuth 2.0

1,在Webapi项目下添加如下引用:

Microsoft.AspNet.WebApi.Owin

Owin

Microsoft.Owin.Host.SystemWeb

Microsoft.Owin.Security.OAuth

Microsoft.Owin.Security.Cookies

Microsoft.AspNet.Identity.Owin

Microsoft.Owin.Cors

2, 在项目下新建Startup类,这个类将作为owin的启动入口,添加下面的代码
新建Startup类
3,修改 Startup类中方法

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        // 有关如何配置应用程序的详细信息,请访问 http://go.microsoft.com/fwlink/?LinkID=316888
        ConfigAuth(app);
 
        HttpConfiguration config = new HttpConfiguration();
        WebApiConfig.Register(config);
        app.UseCors(CorsOptions.AllowAll);
        app.UseWebApi(config);
    }
    public void ConfigAuth(IAppBuilder app)
    {
        OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"), //获取 access_token 授权服务请求地址
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), //access_token 过期时间
            Provider = new SimpleAuthorizationServerProvider(), //access_token 相关授权服务
            RefreshTokenProvider = new SimpleRefreshTokenProvider() //refresh_token 授权服务
        };
        app.UseOAuthAuthorizationServer(option);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

4, OAuth身份认证,新建SimpleAuthorizationServerProvider类

public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();
        return Task.FromResult<object>(null);
    }
    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" });
        AccountService accService = new AccountService();
        string md5Pwd = LogHelper.MD5CryptoPasswd(context.Password);
        IList<object[]> ul = accService.Login(context.UserName, md5Pwd);
        if (ul.Count() == 0)
        {
            context.SetError("invalid_grant", "The username or password is incorrect");
            return;
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim("sub", context.UserName));
        identity.AddClaim(new Claim("role", "user"));
        context.Validated(identity);
    }
}

5, 新建SimpleRefreshTokenProvider类

public class SimpleRefreshTokenProvider : AuthenticationTokenProvider
{
    private static ConcurrentDictionary<string, string> _refreshTokens = new ConcurrentDictionary<string, string>();
 
    /// <summary>
    /// 生成 refresh_token
    /// </summary>
    public override void Create(AuthenticationTokenCreateContext context)
    {
        context.Ticket.Properties.IssuedUtc = DateTime.UtcNow;
        context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(60);
 
        context.SetToken(Guid.NewGuid().ToString("n"));
        _refreshTokens[context.Token] = context.SerializeTicket();
    }
 
    /// <summary>
    /// 由 refresh_token 解析成 access_token
    /// </summary>
    public override void Receive(AuthenticationTokenReceiveContext context)
    {
        string value;
        if (_refreshTokens.TryRemove(context.Token, out value))
        {
            context.DeserializeTicket(value);
        }
    }
}

6, 在要加验证的接口上加上[Authorize]标记

[Authorize]
public class EmployeeController : ApiController
{
    //查询所有员工
    [HttpGet]
    public IList<UC_Employee> GetAllEmps()
    {
      return new List<UC_Employee>();
    }
}

7,调用api程序
在这里插入图片描述
8,传入参数,获取token
在这里插入图片描述
9,传入access_token
在这里插入图片描述

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值