Authorize by ClaimIdentity by Owin
Authorize by ClaimIdentity by Owin
- Package needed
- Owin
- Microsoft.Owin.Security.OAuth
- Microsoft.Owin.Security.Cookies
- Microsoft.Owin
- Microsoft.AspNet.WebApi.Owin
- Startup.cs definition
[assembly:OwinStartup(typeof(GoldWebApi.App_Start.Startup))]
namespace GoldWebApi.App_Start
{
public class Startup
{
public void Configuration(IAppBuilder app)
{
}
}
}
- By using Cookie
- Add these function call in startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
CookieHttpOnly = false,
CookieName = "Auth",
ExpireTimeSpan = TimeSpan.FromMinutes(1)
});
- Define this action webapi
[HttpGet]
public string Login(string userName,string passWord)
{
string realPassword = string.Empty;
if(AccountDic.TryGetValue(userName,out realPassword))
{
if (passWord == realPassword)
{
this.SignIn(HttpContext.Current.GetOwinContext().Authentication, this.CreateClaimIdentity(userName));
return "Authenticated";
}
}
return "Deny";
}
private void SignIn(IAuthenticationManager authenticationManger, ClaimsIdentity identity)
{
authenticationManger.SignIn(new AuthenticationProperties()
{
ExpiresUtc = DateTime.UtcNow.AddMinutes(1),
IsPersistent = true
}, identity);
}
private ClaimsIdentity CreateClaimIdentity(string userName)
{
return new ClaimsIdentity(new List<Claim>() { new Claim(ClaimTypes.Name, userName) }, DefaultAuthenticationTypes.ApplicationCookie);
}
4.By Token
- Add these call in startup.cs
app.UseOAuthBearerAuthentication(GoldWebApi.Controllers.AccountController.OAuthBearerOptions); - Add these definition in webapi
[HttpGet]
public string LoginByTicket(string userName,string passWord)
{
string realPassword = string.Empty;
if (AccountDic.TryGetValue(userName, out realPassword))
{
if (passWord == realPassword)
{
return this.GenerateTicket(this.CreateClaimIdentity(userName));
}
}
return "Deny";
}
private string GenerateTicket(ClaimsIdentity identity)
{
var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
ticket.Properties.IssuedUtc = DateTime.Now;
ticket.Properties.ExpiresUtc = DateTime.Now.AddMinutes(1);
return OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
}
- By Basic Authentication
- package install: Thinktecture.IdentityModel.Owin.BasicAuthentication
- Add these in startup.cs
app.UseBasicAuthentication("localhost", ValidateUserCredential);
public Task<IEnumerable<Claim>> ValidateUserCredential(string userName, string passWord)
{
return Task.FromResult<IEnumerable<Claim>>(new List<Claim>() { new Claim(ClaimTypes.Name, userName) });
}
Summary
For all those Authentication mode, we can use Authorize Attribute in our webapi controller/action to apply the Authentication/Authorization. Owin will take the infrustructure job for us.
