Get Bearer Token whenLogin in
[HttpPost] [AllowAnonymous] [Route("api/account/login")] public HttpResponseMessage Login(LoginBindingModel login) { // todo: add auth if (login.UserName == "a@a.com" && login.Password == "a") { var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType); identity.AddClaim(new Claim(ClaimTypes.Name, login.UserName)); --------------------------------------------------------------------------------------------------------------------------- AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties()); var currentUtc = new SystemClock().UtcNow; ticket.Properties.IssuedUtc = currentUtc; ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30)); DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
return new HttpResponseMessage(HttpStatusCode.OK) { Content = new ObjectContent<object>(new { UserName = login.UserName, AccessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket) }, Configuration.Formatters.JsonFormatter) }; } return new HttpResponseMessage(HttpStatusCode.BadRequest); }---------------------------------------------------------------------------------------------------------------------------
1. Startup.Auth.cs文件
添加属性
1public
static
OAuthBearerAuthenticationOptions OAuthBearerOptions {
get
;
private
set
; }
添加静态构造函数
1234567/// <summary>
/// 构造函数
/// </summary>
static
Startup()
{
OAuthBearerOptions =
new
OAuthBearerAuthenticationOptions();
}
方法ConfigureAuth中添加
12// 使用不记名身份验证
app.UseOAuthBearerAuthentication(OAuthBearerOptions);
2. WebApiConfig.cs文件
方法Register中添加
12config.SuppressDefaultHostAuthentication();
config.Filters.Add(
new
HostAuthenticationFilter(
"Bearer"
));
3. 创建身份验证方法(Web API)
123456789101112131415161718192021222324252627282930313233[HttpPost]
public
async Task<String> Authenticate(
string
userName,
string
password)
{
if
(
string
.IsNullOrEmpty(userAccount) ||
string
.IsNullOrEmpty(password))
{
return
string
.Empty;
}<br>
// 用户查找失败
User user = await UserManager.FindAsync(userName, password);
if
(user ==
null
)
{
return
string
.Empty;
}
// 身份验证票证包括角色或者可以换成用户名
var
identity =
new
ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(
new
Claim(ClaimTypes.NameIdentifier, user.Id.ToString()));
if
(UserManager.SupportsUserRole)
{
IList<
string
> roles = await UserManager.GetRolesAsync(user.Id).ConfigureAwait(
false
);
foreach
(
string
roleName
in
roles)
{
identity.AddClaim(
new
Claim(ClaimTypes.Role, roleName, ClaimValueTypes.String));
}
}
AuthenticationTicket ticket =
new
AuthenticationTicket(identity,
new
AuthenticationProperties());
var
currentUtc = DateTime.UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromDays(1));
// 返回值
return
Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
}
4. 为需要身份验证的控制器或方法添加标记
1234[Authorize(Roles =
"Admin"
)]
public
class
UsersController : ApiController
{
}