编辑:进展后,我可以缩小问题的范围:
应该对VS2013 SPA模板中的startup.auth.cs和ApplicationOAuthProvider.cs进行哪些更改(使用ASP.NET标识1.0)才能将其迁移到使用ASP.NET标识2.0?
编辑2:我进一步简化了这个问题。如何将app.UseOAuthBearerTokens与ASP.NET Identity 2.0的中间件一起用于检索DbContext?
app.UseOAuthBearerTokens(new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions()
{
//What goes here??
});
(样本中没有这样的例子。)
与Asp.net身份框架的V1.0到V2.0alpha存在显着差异。有一个示例可以显示如何使用V2:
https://aspnet.codeplex.com/SourceControl/latest (参见样本 - > Identity-> ChangePK)
但该示例不是MVC或SPA。话虽这么说,我有一个从VS2013 ASP.NET SPA应用程序(其中包含Identity 1.0)构建的应用程序。我一直在尝试在我的MVC应用程序中的示例中实现代码,但是我不清楚VS2013 SPA模板中的哪些代码被删除,而不是样本中的代码。
问另一种方式,是否有人有指导在ASP.NET MVC应用程序中实现ASP.NET identity 2.0 alpha? (理想情况下,从利用身份1.0的VS2013 MVC SPA模板迁移的步骤)
答案 0 :(得分:8)
如果您正在寻找如何为 WEBAPI 和MVC Cookie身份验证实施承载令牌,请查看以下文章:
简单地说,此解决方案使用OWIN中间件组件UseOAuthBearerAuthentication
和UseCookieAuthentication
(我知道Cookie auth不是问题的一部分,但与MVC项目非常相关),以支持基于浏览器的身份验证和 WEBAPI 分别通过 Cookie 和令牌请求身份验证。
OAuthBearerOptions = new OAuthBearerAuthenticationOptions();
//This will used the HTTP header: "Authorization" Value: "Bearer 1234123412341234asdfasdfasdfasdf"
app.UseOAuthBearerAuthentication(OAuthBearerOptions);
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login")
});
HostAuthenticationFilter表示通过OWIN中间件进行身份验证的身份验证过滤器:
config.SuppressDefaultHostAuthentication();
//This will used the HTTP header: "Authorization" Value: "Bearer 1234123412341234asdfasdfasdfasdf"
config.Filters.Add(new HostAuthenticationFilter("Bearer"));
var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userIdentity.Id));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
string AccessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
return AccessToken;
答案 1 :(得分:3)
以下只是SPA模板中的代码,其中UserManager的提供程序替换为2.0 Identity中引入的内容。
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(PublicClientId, () => HttpContext.Current.GetOwinContext().Get<ApplicationUserManager>()),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = false
};
以下是您可以使用的Generic ApplicationOauthProvider: https://gist.github.com/s093294/9076631 (应该注意我没有对它进行测试,只是把它放在一起)
示例,如果你有:
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
你可以做到
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider<ApplicationUserManager,ApplicationUser,Guid>(PublicClientId),
AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
AllowInsecureHttp = false
};