对于我的WebAPI项目OAuth处理,我有以下代码:
namespace Synergetic.API.WebAPI
{
public partial class Startup
{
public static OAuthAuthorizationServerOptions OAuthOptions { get; private set; }
public static string PublicClientId { get; private set; }
// For more information on configuring authentication, please visit http://go.microsoft.com/fwlink/?LinkId=301864
public void ConfigureAuth(IAppBuilder app)
{
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
app.UseCookieAuthentication(new CookieAuthenticationOptions());
//app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
// Configure the application for OAuth based flow
OAuthOptions = new OAuthAuthorizationServerOptions
{
TokenEndpointPath = new PathString("/Token"),
Provider = new ApplicationOAuthProvider(),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
// In production mode set AllowInsecureHttp = false
AllowInsecureHttp = true
};
// Enable the application to use bearer tokens to authenticate users
app.UseOAuthBearerTokens(OAuthOptions);
}
}
}
OAuthAuthorizationServerProvider还有一个实际使用此方法的应用程序。
在Web客户端,我有这个javascript用于从服务器获取令牌:
var token;
var loginData = {
grant_type: 'password',
username: $('#txtUser').val(),
password: $('#txtPassword').val()
};
var beforeSendFunc = function (request) {
//alert(token);
request.setRequestHeader("Authorization", "Bearer " + token);
};
$.ajax({
type: 'POST',
url: "Token",
data: loginData
}).success(function (data) {
.............
更新:完成了一些调查后,我假设为授权服务器提供多个令牌访问端点是不可能的,或者至少很难实现。我们可以通过获取令牌客户端调用来发送更多信息吗?我的意思是除了现有的用户名,密码,凭证之外还有更多数据?
答案 0 :(得分:0)
我找到了这个有用的帖子:
How do you consume extra parameters in OAuth2 Token request within .net WebApi2 application
我们需要将以下代码行添加到OAuthAuthorizationServerOptions方法中:
var data = await context.Request.ReadFormAsync();