Resource Owner Password Credentials Grant
Described in RFC 6749 (section 4.3).
This grant is only for clients the resource owner already trusts with their password, such as the device operating system or a highly privileged first-party application. Third-party clients should use the authorization code flow instead; the password grant hands the client the user's actual credentials.
Related articles
Defining your own AuthenticationTokenProvider
http://stackoverflow.com/questions/19528496/using-bearer-token-authentication-with-web-api-2
A fuller example of issuing a ticket and handing it back as a bearer token
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security;
using API.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Cors;
using System.Net.Http.Headers;

namespace API.Controllers
{
    public class AccountController : ApiController
    {
        // Issues a bearer token straight from a username/password login (the
        // resource owner password flow). Startup.OAuthBearerOptions is assumed to be
        // a static OAuthBearerAuthenticationOptions shared with the bearer middleware,
        // so a ticket protected here is accepted by the [Authorize] endpoint below.
        [HttpPost]
        [AllowAnonymous]
        [Route("api/account/login")]
        public HttpResponseMessage Login(LoginBindingModel login)
        {
            // Model binding yields null for a missing or malformed body.
            if (login == null || !ModelState.IsValid)
            {
                return new HttpResponseMessage(HttpStatusCode.BadRequest);
            }

            var authenticated = false;
            if (login.Domain != null)
            {
                authenticated = new LDAPModel().Authenticate(login.Domain, login.UserName, login.Password);
            }

            // todo: add sysadmin user
            // Development-only shortcut: "a"/"a" bypasses LDAP entirely. A hard-coded
            // credential is an authentication bypass and must not ship.
            if (authenticated || (login.UserName == "a" && login.Password == "a"))
            {
                var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
                identity.AddClaim(new Claim(ClaimTypes.Name, login.UserName));

                // The ticket carries the identity plus issue/expiry times; the bearer
                // middleware rejects it once ExpiresUtc has passed.
                AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
                var currentUtc = new SystemClock().UtcNow;
                ticket.Properties.IssuedUtc = currentUtc;
                ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));

                // Protect() encrypts and signs the ticket with the OWIN data protector;
                // the result is the opaque string the client sends as the bearer token.
                var token = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);

                var response = new HttpResponseMessage(HttpStatusCode.OK)
                {
                    Content = new ObjectContent<object>(new
                    {
                        UserName = login.UserName,
                        AccessToken = token
                    }, Configuration.Formatters.JsonFormatter)
                };

                // This isn't working ...
                //var cookie = new CookieHeaderValue("Authorization", token);
                //cookie.Secure = true;
                //cookie.Expires = DateTime.Now.AddDays(5);
                //response.Headers.AddCookies(new List<CookieHeaderValue>{ cookie });
                return response;
            }

            // Bad credentials. A real token endpoint returns 400 with
            // {"error":"invalid_grant"} (RFC 6749 section 5.2); 401 is also defensible here.
            return new HttpResponseMessage(HttpStatusCode.BadRequest);
        }

        // Protected resource: only reachable with a valid, unexpired bearer token.
        [HttpGet]
        [Route("api/account/profile")]
        [Authorize]
        public HttpResponseMessage Profile()
        {
            return new HttpResponseMessage(HttpStatusCode.OK)
            {
                Content = new ObjectContent<object>(new
                {
                    // Populated from the ClaimTypes.Name claim placed in the ticket above.
                    UserName = User.Identity.Name
                }, Configuration.Formatters.JsonFormatter)
            };
        }
    }
}
Bearer token specification (the draft below was later published as RFC 6750)
http://self-issued.info/docs/draft-ietf-oauth-v2-bearer.html
Refreshing tickets (refresh tokens)
http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/
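The two entries above ("Defining your own AuthenticationTokenProvider" and the refresh-token article) both come down to implementing IAuthenticationTokenProvider. The following is an added example written for this page, not code from either article or from the thinktecture samples. It assumes the OWIN OAuth authorization server (Microsoft.Owin.Security.OAuth) and uses an in-memory dictionary as a stand-in for a persistent token table; the 14-day lifetime is an arbitrary choice.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.Infrastructure;

namespace API.Providers
{
    // Added example: refresh tokens that are opaque, single-use and revocable.
    // The protected ticket never leaves the server; the client only gets a random handle.
    public class SimpleRefreshTokenProvider : IAuthenticationTokenProvider
    {
        // Assumption: in-memory store keyed by SHA-256(handle). A leaked copy of the
        // store therefore does not yield usable refresh tokens. Use a database in production.
        private static readonly ConcurrentDictionary<string, string> RefreshTokens =
            new ConcurrentDictionary<string, string>(StringComparer.Ordinal);

        private static readonly TimeSpan RefreshTokenLifetime = TimeSpan.FromDays(14); // assumption

        public void Create(AuthenticationTokenCreateContext context)
        {
            // 32 bytes from a CSPRNG; a Guid is not a security token.
            var handle = NewHandle();

            // The refresh ticket outlives the access token. Editing the ticket in place is
            // safe here: the access token has already been serialized, and the server
            // resets IssuedUtc/ExpiresUtc when it mints a new access token on refresh.
            var now = DateTimeOffset.UtcNow;
            context.Ticket.Properties.IssuedUtc = now;
            context.Ticket.Properties.ExpiresUtc = now.Add(RefreshTokenLifetime);

            RefreshTokens[Hash(handle)] = context.SerializeTicket();
            context.SetToken(handle);
        }

        public Task CreateAsync(AuthenticationTokenCreateContext context)
        {
            Create(context);
            return Task.FromResult(0);
        }

        public void Receive(AuthenticationTokenReceiveContext context)
        {
            string protectedTicket;
            // TryRemove makes every refresh token single-use: a replayed handle is unknown,
            // so context.Ticket stays null and the server answers invalid_grant.
            if (RefreshTokens.TryRemove(Hash(context.Token), out protectedTicket))
            {
                context.DeserializeTicket(protectedTicket);
                // The server still checks context.Ticket.Properties.ExpiresUtc itself.
            }
        }

        public Task ReceiveAsync(AuthenticationTokenReceiveContext context)
        {
            Receive(context);
            return Task.FromResult(0);
        }

        private static string NewHandle()
        {
            var bytes = new byte[32];
            using (var rng = new RNGCryptoServiceProvider())
            {
                rng.GetBytes(bytes);
            }
            // base64url so the handle is safe in form bodies and query strings
            return Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }

        private static string Hash(string handle)
        {
            using (var sha = SHA256.Create())
            {
                return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(handle)));
            }
        }
    }
}
```

Wire it up by setting RefreshTokenProvider = new SimpleRefreshTokenProvider() on OAuthAuthorizationServerOptions, and override GrantRefreshToken in the OAuthAuthorizationServerProvider to copy the identity into a new ticket (re-checking the account is still active); without that override the refresh_token grant is rejected. Revoking a user's sessions is then just deleting their rows from the store.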
A good OAuth server project
https://github.com/thinktecture
Client-side call with SetBearerToken
The sample client lives in Thinktecture.IdentityModel.45-master\Samples\Web API Security\Clients\OAuth2ResourceOwnerPasswordFlow\Program.cs; after obtaining the token it attaches it to the HttpClient with:
client.SetBearerToken(token);
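For comparison, here is the same resource-owner password flow done with a bare HttpClient, as an added example that is not part of the thinktecture sample or this page's project. It assumes the server exposes the OWIN token endpoint at /token (the Web API 2 template default), that the protected endpoint is the api/account/profile action above, and that Newtonsoft.Json (already a Web API dependency) is available; the base address and credentials are constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

// Added example: password grant, protected call, then a refresh, over plain HttpClient.
class RopcClient
{
    static void Main()
    {
        RunAsync().GetAwaiter().GetResult();
    }

    static async Task RunAsync()
    {
        // Assumption: base address. The password grant sends the real password, so
        // it is only acceptable to a first-party client over TLS.
        var client = new HttpClient { BaseAddress = new Uri("https://localhost:44300/") };

        // RFC 6749 section 4.3.2: form-encoded grant_type=password request.
        var tokenResponse = await client.PostAsync("token", new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "password" },
            { "username", "alice" },      // constructed credentials
            { "password", "P@ssw0rd" }
        }));
        var tokenBody = await tokenResponse.Content.ReadAsStringAsync();
        if (!tokenResponse.IsSuccessStatusCode)
        {
            // Bad credentials come back as 400 {"error":"invalid_grant"} (section 5.2).
            Console.WriteLine("token request failed: {0} {1}", (int)tokenResponse.StatusCode, tokenBody);
            return;
        }
        var json = JObject.Parse(tokenBody);
        var accessToken = (string)json["access_token"];
        var refreshToken = (string)json["refresh_token"]; // null unless a RefreshTokenProvider is configured

        // This header is all SetBearerToken adds: Authorization: Bearer <token>.
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        var profile = await client.GetAsync("api/account/profile");
        Console.WriteLine("{0} {1}", (int)profile.StatusCode, await profile.Content.ReadAsStringAsync());
        // Without the header the same call returns 401 with WWW-Authenticate: Bearer.

        if (refreshToken == null)
        {
            return;
        }

        // Section 6: swap the refresh token for a new access token before the old one
        // expires. No Authorization header is needed for this request.
        client.DefaultRequestHeaders.Authorization = null;
        var refreshResponse = await client.PostAsync("token", new FormUrlEncodedContent(new Dictionary<string, string>
        {
            { "grant_type", "refresh_token" },
            { "refresh_token", refreshToken }
        }));
        var refreshBody = await refreshResponse.Content.ReadAsStringAsync();
        Console.WriteLine("refresh: {0} {1}", (int)refreshResponse.StatusCode, refreshBody);
        // With a single-use provider, replaying the same refresh_token now yields invalid_grant.
    }
}
```

The refresh token must be stored at least as carefully as the password it replaces; in a desktop client that means the OS credential store, not a config file.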