WEBAPI 增加身份验证
1,在Webapi项目下添加如下引用:
Microsoft.AspNet.WebApi.Owin
Owin
Microsoft.Owin.Host.SystemWeb
Microsoft.Owin.Security.OAuth
Microsoft.Owin.Security.Cookies
Microsoft.AspNet.Identity.Owin
Microsoft.Owin.Cors
2, 在项目下新建Startup类,这个类将作为owin的启动入口,添加下面的代码
3,修改 Startup类中方法
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
public class Startup { public void Configuration(IAppBuilder app) { // 有关如何配置应用程序的详细信息,请访问 http://go.microsoft.com/fwlink/?LinkID=316888 ConfigAuth(app); HttpConfiguration config = new HttpConfiguration(); WebApiConfig.Register(config); app.UseCors(CorsOptions.AllowAll); app.UseWebApi(config); } public void ConfigAuth(IAppBuilder app) { OAuthAuthorizationServerOptions option = new OAuthAuthorizationServerOptions() { AllowInsecureHttp = true , TokenEndpointPath = new PathString( "/token" ), //获取 access_token 授权服务请求地址 AccessTokenExpireTimeSpan = TimeSpan.FromDays(1), //access_token 过期时间 Provider = new SimpleAuthorizationServerProvider(), //access_token 相关授权服务 RefreshTokenProvider = new SimpleRefreshTokenProvider() //refresh_token 授权服务 }; app.UseOAuthAuthorizationServer(option); app.UseOAuthBearerAuthentication( new OAuthBearerAuthenticationOptions()); } } |
4, OAuth身份认证,新建SimpleAuthorizationServerProvider类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
public class SimpleAuthorizationServerProvider : OAuthAuthorizationServerProvider { public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context) { context.Validated(); return Task.FromResult< object >( null ); } public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context) { context.OwinContext.Response.Headers.Add( "Access-Control-Allow-Origin" , new [] { "*" }); AccountService accService = new AccountService(); string md5Pwd = LogHelper.MD5CryptoPasswd(context.Password); IList< object []> ul = accService.Login(context.UserName, md5Pwd); if (ul.Count() == 0) { context.SetError( "invalid_grant" , "The username or password is incorrect" ); return ; } var identity = new ClaimsIdentity(context.Options.AuthenticationType); identity.AddClaim( new Claim( "sub" , context.UserName)); identity.AddClaim( new Claim( "role" , "user" )); context.Validated(identity); } } |
5, 新建SimpleRefreshTokenProvider类
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
public class SimpleRefreshTokenProvider : AuthenticationTokenProvider { private static ConcurrentDictionary< string , string > _refreshTokens = new ConcurrentDictionary< string , string >(); /// <summary> /// 生成 refresh_token /// </summary> public override void Create(AuthenticationTokenCreateContext context) { context.Ticket.Properties.IssuedUtc = DateTime.UtcNow; context.Ticket.Properties.ExpiresUtc = DateTime.UtcNow.AddDays(60); context.SetToken(Guid.NewGuid().ToString( "n" )); _refreshTokens[context.Token] = context.SerializeTicket(); } /// <summary> /// 由 refresh_token 解析成 access_token /// </summary> public override void Receive(AuthenticationTokenReceiveContext context) { string value; if (_refreshTokens.TryRemove(context.Token, out value)) { context.DeserializeTicket(value); } } } |
6, 在要加验证的接口上加上[Authorize]标记
1
2
3
4
5
6
7
8
9
10
|
[Authorize] public class EmployeeController : ApiController { //查询所有员工 [HttpGet] public IList<UC_Employee> GetAllEmps() { return new List<UC_Employee>(); } } |
7,调用api程序
8,传入参数,获取token
9,传入access_token
原文连接。