假设我有一个Web客户端(即MVC 4客户端)使用oAuth提供程序(即Facebook,Google等)对用户进行身份验证。 我想在我的客户端逻辑中调用另一个Web服务,该Web服务也使用oAuth提供程序进行身份验证。
客户端的Web服务请求是什么样的?我需要传递给Web服务吗?
答案 0 :(得分:2)
我建议你回顾一下这个问题,How do I authorize access to ServiceStack resources using OAuth2 access tokens via DotNetOpenAuth?。海报提供了他的最终解决方案,包括一个示例解决方案的链接,他慷慨地开源。对于他的解决方案,客户端代码如下所示:
// Create the ServiceStack API client and the request DTO
var apiClient = new JsonServiceClient("http://api.mysite.com/");
var apiRequestDto = new Shortlists { Name = "dylan" };
// Wire up the ServiceStack client filter so that DotNetOpenAuth can
// add the authorization header before the request is sent
// to the API server
apiClient.LocalHttpWebRequestFilter = request => {
// This is the magic line that makes all the client-side magic work :)
ClientBase.AuthorizeRequest(request, accessTokenTextBox.Text);
}
// Send the API request and dump the response to our output TextBox
var helloResponseDto = apiClient.Get(apiRequestDto);
Console.WriteLine(helloResponseDto.Result);
此处提供了类似的解决方案:https://stackoverflow.com/a/13791078/149060,根据OAuth 1.0a
演示请求签名var client = new JsonServiceClient (baseUri);
client.LocalHttpWebRequestFilter += (request) => {
// compute signature using request and a previously obtained
// access token
string authorization_header = CalculateSignature (request, access_token);
request.Headers.Add ("Authorization", authorization_header);
};
var response = client.Get<MySecuredResponse> ("/my/service");
当然,您需要进行调整以符合OAuth提供商的要求,即签名,令牌等。