Authorize by ClaimIdentity by Owin

Authorize by ClaimIdentity by Owin

  1. Package needed
  • Owin
  • Microsoft.Owin.Security.OAuth
  • Microsoft.Owin.Security.Cookies
  • Microsoft.Owin
  • Microsoft.AspNet.WebApi.Owin
  1. Startup.cs definition
[assembly:OwinStartup(typeof(GoldWebApi.App_Start.Startup))]
namespace GoldWebApi.App_Start
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
        }
    }
}
  1. By using Cookie
  • Add these function call in startup.cs
app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                CookieHttpOnly = false,
                CookieName = "Auth",
                ExpireTimeSpan = TimeSpan.FromMinutes(1)
            });
  • Define this action webapi
 [HttpGet]
        public string Login(string userName,string passWord)
        {
            string realPassword = string.Empty;
            if(AccountDic.TryGetValue(userName,out realPassword))
            {
                if (passWord == realPassword)
                {
                    this.SignIn(HttpContext.Current.GetOwinContext().Authentication, this.CreateClaimIdentity(userName));
                    return "Authenticated";
                }
            }
            return "Deny";
        }

         private void SignIn(IAuthenticationManager authenticationManger, ClaimsIdentity identity)
        {
            authenticationManger.SignIn(new AuthenticationProperties()
            {
                ExpiresUtc = DateTime.UtcNow.AddMinutes(1),
                IsPersistent = true
            }, identity);
        }

        private ClaimsIdentity CreateClaimIdentity(string userName)
        {
            return new ClaimsIdentity(new List<Claim>() { new Claim(ClaimTypes.Name, userName) }, DefaultAuthenticationTypes.ApplicationCookie);
        }

4.By Token

  • Add these call in startup.cs
    app.UseOAuthBearerAuthentication(GoldWebApi.Controllers.AccountController.OAuthBearerOptions);
  • Add these definition in webapi
[HttpGet]
        public string LoginByTicket(string userName,string passWord)
        {
            string realPassword = string.Empty;
            if (AccountDic.TryGetValue(userName, out realPassword))
            {
                if (passWord == realPassword)
                {
                    return this.GenerateTicket(this.CreateClaimIdentity(userName));
                }
            }
            return "Deny";
        }

        private string GenerateTicket(ClaimsIdentity identity)
        {
            var ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
            ticket.Properties.IssuedUtc = DateTime.Now;
            ticket.Properties.ExpiresUtc = DateTime.Now.AddMinutes(1);

            return OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
        }
  1. By Basic Authentication
  • package install: Thinktecture.IdentityModel.Owin.BasicAuthentication
  • Add these in startup.cs
app.UseBasicAuthentication("localhost", ValidateUserCredential);

public Task<IEnumerable<Claim>> ValidateUserCredential(string userName, string passWord)
        {
            return Task.FromResult<IEnumerable<Claim>>(new List<Claim>() { new Claim(ClaimTypes.Name, userName) });
        }

Summary
For all those Authentication mode, we can use Authorize Attribute in our webapi controller/action to apply the Authentication/Authorization. Owin will take the infrustructure job for us.

posted @ 2018-08-07 13:27  kongshu  阅读(150)  评论(0编辑  收藏  举报