app.UseOAuthBearerTokens与ASP.NET Identity 2.0的DbContext中间件?

时间:2014-01-12 16:53:49

标签: asp.net-mvc entity-framework visual-studio-2013 asp.net-identity owin

编辑:进展后,我可以缩小问题的范围:

应该对VS2013 SPA模板中的startup.auth.cs和ApplicationOAuthProvider.cs进行哪些更改(使用ASP.NET标识1.0)才能将其迁移到使用ASP.NET标识2.0?

编辑2:我进一步简化了这个问题。如何将app.UseOAuthBearerTokens与ASP.NET Identity 2.0的中间件一起用于检索DbContext?

        app.UseOAuthBearerTokens(new Microsoft.Owin.Security.OAuth.OAuthAuthorizationServerOptions()
            {
                //What goes here??
            });

(样本中没有这样的例子。)

与Asp.net身份框架的V1.0到V2.0alpha存在显着差异。有一个示例可以显示如何使用V2:

https://aspnet.codeplex.com/SourceControl/latest (参见样本 - > Identity-> ChangePK)

但该示例不是MVC或SPA。话虽这么说,我有一个从VS2013 ASP.NET SPA应用程序(其中包含Identity 1.0)构建的应用程序。我一直在尝试在我的MVC应用程序中的示例中实现代码,但是我不清楚VS2013 SPA模板中的哪些代码被删除,而不是样本中的代码。

问另一种方式,是否有人有指导在ASP.NET MVC应用程序中实现ASP.NET identity 2.0 alpha? (理想情况下,从利用身份1.0的VS2013 MVC SPA模板迁移的步骤)

2 个答案:

答案 0 :(得分:8)

如果您正在寻找如何为 WEBAPI 和MVC Cookie身份验证实施承载令牌,请查看以下文章:

ASP.NET Identity 2.0 Cookie & Token Authentication including a sample project.

简单地说,此解决方案使用OWIN中间件组件UseOAuthBearerAuthenticationUseCookieAuthentication(我知道Cookie auth不是问题的一部分,但与MVC项目非常相关),以支持基于浏览器的身份验证和 WEBAPI 分别通过 Cookie 令牌请求身份验证。

Startup.Auth.cs

OAuthBearerOptions = new OAuthBearerAuthenticationOptions();

//This will used the HTTP header: "Authorization" Value: "Bearer 1234123412341234asdfasdfasdfasdf"
app.UseOAuthBearerAuthentication(OAuthBearerOptions);
// Enable the application to use a cookie to store information for the signed in user
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
    AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
    LoginPath = new PathString("/Account/Login")
}); 

HostAuthenticationFilter表示通过OWIN中间件进行身份验证的身份验证过滤器:

WebApiConfig.cs

config.SuppressDefaultHostAuthentication();
//This will used the HTTP header: "Authorization" Value: "Bearer 1234123412341234asdfasdfasdfasdf"
config.Filters.Add(new HostAuthenticationFilter("Bearer"));

生成令牌:

var identity = new ClaimsIdentity(Startup.OAuthBearerOptions.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.Name, user));
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userIdentity.Id));
AuthenticationTicket ticket = new AuthenticationTicket(identity, new AuthenticationProperties());
var currentUtc = new SystemClock().UtcNow;
ticket.Properties.IssuedUtc = currentUtc;
ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromMinutes(30));
string AccessToken = Startup.OAuthBearerOptions.AccessTokenFormat.Protect(ticket);
return AccessToken;

答案 1 :(得分:3)

以下只是SPA模板中的代码,其中UserManager的提供程序替换为2.0 Identity中引入的内容。

OAuthOptions = new OAuthAuthorizationServerOptions
            {
                TokenEndpointPath = new PathString("/Token"),
                Provider = new ApplicationOAuthProvider(PublicClientId, () => HttpContext.Current.GetOwinContext().Get<ApplicationUserManager>()),
                AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
                AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
                AllowInsecureHttp = false
            };

以下是您可以使用的Generic ApplicationOauthProvider: https://gist.github.com/s093294/9076631 (应该注意我没有对它进行测试,只是把它放在一起)

示例,如果你有:

app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);

你可以做到

        OAuthOptions = new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new ApplicationOAuthProvider<ApplicationUserManager,ApplicationUser,Guid>(PublicClientId),
            AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
            AllowInsecureHttp = false
        };