我想实现自己的自定义WebApi身份验证。我尝试在ApplicationOAuthProvider中修改GrantResourceOwnerCredentials方法。
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
using (UserManager<IdentityUser> userManager = _userManagerFactory())
{
IdentityUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
}
我替换了身份验证:
IdentityUser user = await userManager.FindAsync(context.UserName, context.Password);
我的Web服务调用返回true表示已通过身份验证,false表示未经过身份验证。
if (authenticated)
{
IdentityUser user = new IdentityUser("username");
}
但我不知道如何处理ClaimsIdentity。有人有我可以参考的样品吗?感谢。
答案 0 :(得分:2)
在此之后,但也可以记录它,因为它仍然相关。如果您的意思是如何从故障单中分配和解决索赔,则可以选择。您可以实现IUserClaimsStore (documentation for said object),也可以只创建自己的声明存储服务。最手动的方法是在验证登录并检索其身份后明确地将声明分配给用户。以下是使用代码的简单示例:
using (UserManager<IdentityUser> userManager = _userManagerFactory())
{
IdentityUser user = await userManager.FindAsync(context.UserName, context.Password);
if (user == null)
{
context.SetError("invalid_grant", "The user name or password is incorrect.");
return;
}
user.AddClaim(new Claim("sub","whateveryouwantthesubjectnametobe"));
user.AddClaim(new Claim("someotherclaim","whosecontentsyoudeterminehoweveryouwouldlike"));
ClaimsIdentity oAuthIdentity = await userManager.CreateIdentityAsync(user,
context.Options.AuthenticationType);
ClaimsIdentity cookiesIdentity = await userManager.CreateIdentityAsync(user,
CookieAuthenticationDefaults.AuthenticationType);
AuthenticationProperties properties = CreateProperties(user.UserName);
AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, properties);
context.Validated(ticket);
context.Request.Context.Authentication.SignIn(cookiesIdentity);
}
应该是这样,声明将成为您的令牌的一部分,它应该在下一个请求时自动填充ClaimsPrincipal。如果要在请求中查看故障单的反序列化,请创建一个简单的OAuthBearerAuthenticationProvider实现,并覆盖ValidateIdentity方法:
private class SuperSecretBearerAuthClass: OAuthBearerAuthenticationProvider
{
public override Task ValidateIdentity(OAuthValidateIdentityContext context)
{
var claims = context.Ticket.Identity.Claims; //examine claims here
base.ValidateIdentity(context);
return Task.FromResult<object>(null);
}
}
startup.cs /在配置auth的任何地方的注册都是这样的:
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
{
Provider = new SuperSecretBearerAuthClass()
});
答案 1 :(得分:0)
我不太了解您的需求,但您可能希望了解一下OAuth嵌入式服务器的Thinktectures实现。
查看他们的Thinktecture.IdentityModel项目和样本 - https://github.com/thinktecture/Thinktecture.IdentityModel
他们有一个名为samples \ OAuth2 \ EmbeddedAuthorizationServer的示例项目,它使用GrantResourceOwnerCredentials方法进行身份验证。
这是一篇关于ClaimsIdentity的简单博文,也可能有所帮助。 http://www.remondo.net/simple-claims-based-identity/