【7】.net WebAPI Owin OAuth 2.0 密码模式验证实例
2017-03-22 22:14
791 查看
1.OAuth密码模式
![](http://images2015.cnblogs.com/blog/435188/201612/435188-20161220150922792-2073707867.png)
2.在VS中创建WebAPI项目
在nuget中安装:Microsoft.AspNet.WebApi.Owin
Microsoft.Owin.Host.SystemWeb
这两个类库并添加Owin启动类Startup
using System;
using System.Threading.Tasks;
using Microsoft.Owin;
using Owin;
using Microsoft.Owin.Security.OAuth;
[assembly: OwinStartup(typeof(WebAPIOAuth.Startup))]
namespace WebAPIOAuth
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
var OAuthOptions = new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"), //获取 access_token 授权服务请求地址
AuthorizeEndpointPath = new PathString("/authorize"), //获取 authorization_code 授权服务请求地址
AccessTokenExpireTimeSpan = TimeSpan.FromSeconds(10), //access_token 过期时间
Provider = new OpenAuthorizationServerProvider(), //access_token 相关授权服务
};
app.UseOAuthBearerTokens(OAuthOptions); //表示 token_type 使用 bearer 方式 不记名令牌验证
}
}
}
ConfigureOAuth(IAppBuilder app)方法开启了OAuth服务。简单说一下OAuthAuthorizationServerOptions中各参数的含义:
AllowInsecureHttp:允许客户端一http协议请求;
TokenEndpointPath:token请求的地址,即http://localhost:端口号/token;
AccessTokenExpireTim
4000
eSpan :token过期时间;
Provider :提供具体的认证策略;
3.继承授权服务OAuthAuthorizationServerProvider类
重载ValidateClientAuthentication方法验证客户端的正确性重载GrantResourceOwnerCredentials方法实现用户名密码的验证,验证通过后会颁发token。
public class OpenAuthorizationServerProvider : OAuthAuthorizationServerProvider
{
/// <summary>
/// 验证调用端的clientid与clientSecret已验证调用端的合法性(clientid、clientSecret为约定好的字符串)。
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
{
string clientId;
string clientSecret;
context.TryGetBasicCredentials(out clientId, out clientSecret);
if (clientId == "1234" && clientSecret == "5678")
{
context.Validated(clientId);
}
await base.ValidateClientAuthentication(context);
}
/// <summary>
/// 通过重载GrantResourceOwnerCredentials获取用户名和密码进行认证
/// </summary>
/// <param name="context"></param>
/// <returns></returns>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//调用后台的登录服务验证用户名与密码
if (context.UserName != "Admin" || context.Password != "123456")
{
context.SetError("invalid_grant", "用户名或密码不正确。");
return;
}
var oAuthIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
var ticket = new AuthenticationTicket(oAuthIdentity, new AuthenticationProperties());
context.Validated(ticket);
await base.GrantResourceOwnerCredentials(context);
}
}
在需要验证的方法处添加[Authorize]标签,当访问此接口时必须通过授权验证才可访问。
以上服务器端代码全部完成。
4.创建新的客户端项目进行测试
添加测试类class OAuthClientTest
{
private HttpClient _httpClient;
private string token;
public OAuthClientTest()
{
_httpClient = new HttpClient();
_httpClient.BaseAddress = new Uri("http://localhost");
}
public async Task<string> GetAccessToken()
{
var clientId = "1234";
var clientSecret = "5678";
var parameters = new Dictionary<string, string>();
parameters.Add("grant_type", "password");
parameters.Add("username", "Admin");
parameters.Add("password", "123456");
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(
"Basic",
Convert.ToBase64String(Encoding.ASCII.GetBytes(clientId + ":" + clientSecret))
);
var response = await _httpClient.PostAsync("OAuthTest/token", new FormUrlEncodedContent(parameters));
var responseValue = await response.Content.ReadAsStringAsync();
if (response.StatusCode == System.Net.HttpStatusCode.OK)
{
return JObject.Parse(responseValue)["access_token"].Value<string>();
}
else
{
Console.WriteLine(responseValue);
return string.Empty;
}
}
public async Task Call_WebAPI_By_Resource_Owner_Password_Credentials_Grant()
{
if(string.IsNullOrEmpty(token))
token = await GetAccessToken();
Console.WriteLine(token);
_httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
Console.WriteLine(await (await _httpClient.GetAsync("OAuthTest/api/Values")).Content.ReadAsStringAsync());
}
}
main方法中调用进行测试:
static void Main(string[] args)
{
var clientTest = new OAuthClientTest();
var task = clientTest.Call_WebAPI_By_Resource_Owner_Password_Credentials_Grant();
task.Wait();
//var token = clientTest.GetAccessToken();
//var strToken = token.Result;
//Console.WriteLine(strToken);
Console.ReadLine();
}结果如下:
其中长串字符为token,"value1, value2"为访问webapi返回的结果,表明访问成功。
参考1:http://www.cnblogs.com/xishuai/p/aspnet-webapi-owin-oauth2.html
参考2:http://www.cnblogs.com/Leo_wl/p/4919783.html
相关文章推荐
- 【7】.net WebAPI Owin OAuth 2.0 密码模式验证实例
- NET WebApi OWIN 实现 OAuth 2.0
- ASP.NET WebApi OWIN 实现 OAuth 2.0
- asp.net权限认证:OWIN实现OAuth 2.0 之密码模式(Resource Owner Password Credential)
- ASP.NET WebApi OWIN 实现 OAuth 2.0
- ASP.NET WebApi OWIN 实现 OAuth 2.0(自定义获取 Token)
- asp.net权限认证:OWIN实现OAuth 2.0 之简化模式(Implicit)
- asp.net权限认证:OWIN实现OAuth 2.0 之授权码模式(Authorization Code)
- asp.net权限认证:OWIN实现OAuth 2.0 之客户端模式(Client Credential)
- ASP.NET 2.0 二级域名Forms验证模式下共享登陆状态
- 面向Google、YouTube、Facebook以及其他Web 2.0 API的C#和VB.NET类库
- .NET WebAPI 用ActionFilterAttribute实现token令牌验证与对Action的权限控制
- csc.rsp Nuget MVC/WebAPI 5.0、SignalR 2.0、Rx、Json、Azure、EntityFramework、OAuth、Spatial
- ASP.NET Web API与Owin OAuth:使用Access Toke调用受保护的API
- ASP.NET 2.0 二级域名Forms验证模式下共享登陆状态
- Selenium 2.0 WebDriver 自动化测试 使用教程 实例教程 API快速参考
- 基于 IdentityServer3 实现 OAuth 2.0 授权服务【密码模式(Resource Owner Password Credentials)】
- 【实例图文详解】OAuth 2.0 for Web Server Applications
- ASP.NET 2.0 两种模式website和web application到底那个好?
- ASP.NET Linux部署(2) - MS Owin + WebApi + Mono + Jexus