我最近从较旧的Thinktecture IdentityModel升级到支持Web API 2的最新IdentityModel。
以下代码适用于以前的nuget包(以及托管它的较小的webapi版本),当我使用System.Web.Mvc v5.2.2.0时虽然它到达ValidateToken函数的末尾但是收到错误主叫客户{StatusCode: 500, ReasonPhrase: 'Internal Server Error'
public class BasicAuthSecurityTokenHandlerWithClaimsOutput : BasicAuthenticationSecurityTokenHandler
{
public BasicAuthSecurityTokenHandlerWithClaimsOutput(ValidateNameWithClaims validateNameGetClaims)
: base()
{
if (validateNameGetClaims == null)
{
throw new ArgumentNullException("ValidateNameGetClaims");
}
this.validateNameGetClaims = validateNameGetClaims;
}
protected readonly ValidateNameWithClaims validateNameGetClaims;
public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
{
if (token == null)
{
throw new ArgumentNullException("token");
}
if (base.Configuration == null)
{
throw new InvalidOperationException("No Configuration set");
}
UserNameSecurityToken unToken = token as UserNameSecurityToken;
if (unToken == null)
{
throw new ArgumentException("SecurityToken is not a UserNameSecurityToken");
}
Claim[] lookedUpClaims = null;
try
{
if (this.validateNameGetClaims(unToken.UserName, unToken.Password, out lookedUpClaims) == false)
{
throw new SecurityTokenValidationException(unToken.UserName);
}
}
catch (Exception e)
{
// log the exception
throw new SecurityTokenValidationException(unToken.UserName);
}
var claims = new List<Claim>
{
new Claim(ClaimTypes.Name, unToken.UserName),
new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password),
AuthenticationInstantClaim.Now
};
if(lookedUpClaims != null && lookedUpClaims.Length > 0)
claims.AddRange(lookedUpClaims);
if (RetainPassword)
{
claims.Add(new Claim("password", unToken.Password));
}
var identity = new ClaimsIdentity(claims, "Basic");
if (Configuration.SaveBootstrapContext)
{
if (this.RetainPassword)
{
identity.BootstrapContext = new BootstrapContext(unToken, this);
}
else
{
var bootstrapToken = new UserNameSecurityToken(unToken.UserName, null);
identity.BootstrapContext = new BootstrapContext(bootstrapToken, this);
}
}
return new List<ClaimsIdentity> { identity }.AsReadOnly();
}
}
我要归还的说法是:
[0] = {http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: user@username.com}
[1] {http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod: http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password}
[2] {http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant: 2015-01-27T00:50:20.603Z}
[3] {fuid: 6}
[4] {fustate: FL}
我配置:
public static class BasicAuthHandlerExtensionWithClaimsOutput
{
public static void AddBasicAuthenticationWithClaimsOutput(
this AuthenticationConfiguration configuration,
ValidateNameWithClaims validationDelegate,
string realm = "localhost", bool retainPassword = false)
{
var handler = new BasicAuthSecurityTokenHandlerWithClaimsOutput(validationDelegate)
{
RetainPassword = retainPassword
};
configuration.AddMapping(new AuthenticationOptionMapping
{
TokenHandler = new SecurityTokenHandlerCollection { handler },
Options = AuthenticationOptions.ForAuthorizationHeader(scheme: "Basic"),
Scheme = AuthenticationScheme.SchemeAndRealm("Basic", realm)
});
}
}
var authConfig = new AuthenticationConfiguration
{
EnableSessionToken = true,
SendWwwAuthenticateResponseHeaders = true,
RequireSsl = false,
SessionToken = new SessionTokenConfiguration
{
Audience = "http://audience.com,
IssuerName = "http://issuer.com",
EndpointAddress = appSettings.TokenEndPoint,
SigningKey = appSettings.StsSigningKey,
DefaultTokenLifetime = new TimeSpan(1, 0, 0)
}
};
var userCredentialsService = new CredentialsService(credentialStore);
authConfig.AddBasicAuthenticationWithClaimsOutput(userCredentialsService.Validate);
config.MessageHandlers.Add(new AuthenticationHandler(authConfig));
知道我做错了吗?
答案 0 :(得分:1)
使用Fiddler,你会发现Method not found: no match for ctor signature然后一些搜索将会显示IdentityModel的作者{/ 3}}。
所需的签名存在于System.IdentityModel.Tokens.Jwt的2.0.0.0版本中,但在版本4.0中不再存在.20622.1351
你必须使用Katana。