我有WebApi应用程序并将UserID添加到ApplicationOAuthProvider类中的标记:
public override Task TokenEndpoint(OAuthTokenEndpointContext context)
{
foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
{
context.AdditionalResponseParameters.Add(property.Key, property.Value);
}
context.AdditionalResponseParameters.Add("ID", context.Identity.GetUserId<int>());
return Task.FromResult<object>(null);
}
现在如何在我的控制器方法中获取此ID?
我尝试以下方法:
[Authorize]
public class ApiEditorialController : ApiController
{
public HttpResponseMessage GetEditorialRequests()
{
int id = HttpContext.Current.User.Identity.GetUserId<int>();
var r = Request.CreateResponse(HttpStatusCode.Accepted);
r.ReasonPhrase = "Cool!";
return r;
}
}
但是我在
上得到了NullReferenceExceptionint id = HttpContext.Current.User.Identity.GetUserId<int>();
的字符串....
更新 查看下面的响应(来自Francis Ducharme),只需覆盖OnAuthorization而不是创建私有构造函数:)
public class AuthorizeApiFilter : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
string token = string.Empty;
AuthenticationTicket ticket;
token = (actionContext.Request.Headers.Any(x => x.Key == "Authorization")) ? actionContext.Request.Headers.Where(x => x.Key == "Authorization").FirstOrDefault().Value.SingleOrDefault().Replace("Bearer ", "") : "";
if (token == string.Empty)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "Missing 'Authorization' header. Access denied.");
return;
}
//your OAuth startup class may be called something else...
ticket = Startup.OAuthOptions.AccessTokenFormat.Unprotect(token);
if (ticket == null)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid token decrypted.");
return;
}
// you could perform some logic on the ticket here...
// you will be able to retrieve the ticket in all controllers by querying properties and looking for "Ticket"...
actionContext.Request.Properties.Add(new KeyValuePair<string, object>("Ticket", ticket));
base.OnAuthorization(actionContext);
}
}
谢谢Francis Ducharme
答案 0 :(得分:2)
您可以在OAuth启动类的GrantResourceOwnerCredentials中将其添加到词典中。
ticket.Properties.Dictionary.Add(KeyValuePair<string, string>("UserID", user.Id.ToString())); //the user object from your authentication logic...
然后实现AuthorizeAttribute,您可以在其中检索在请求的Authorize标头中发送的令牌,取消保护并将其添加到请求属性中,然后在所有控制器中可用#39;方法
public class AuthFilter : AuthorizeAttribute
{
private void AuthorizeRequest(HttpActionContext actionContext)
{
string token = string.Empty;
AuthenticationTicket ticket;
token = (actionContext.Request.Headers.Any(x => x.Key == "Authorization")) ? actionContext.Request.Headers.Where(x => x.Key == "Authorization").FirstOrDefault().Value.SingleOrDefault().Replace("Bearer ", "") : "";
if (token == string.Empty)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, "Missing 'Authorization' header. Access denied.");
return;
}
//your OAuth startup class may be called something else...
ticket = Startup.OAuthBearerOptions.AccessTokenFormat.Unprotect(token);
if (ticket == null)
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.BadRequest, "Invalid token decrypted.");
return;
}
// you could perform some logic on the ticket here...
// you will be able to retrieve the ticket in all controllers by querying properties and looking for "Ticket"...
actionContext.Request.Properties.Add(new KeyValuePair<string, object>("Ticket", ticket));
}
}
然后在您的网络方法中,Request.Properties将包含Ticket,其中包含UserID字典。
您需要在AuthorizeAttribute
WebApiConfig.cs
config.Filters.Add(new AuthFilter());
// I also have this in my Web API config. Not sure if I had to add this manually or the default project had these lines already...
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
答案 1 :(得分:0)
您需要拦截响应消息并将该值附加回您的用户。
AdditionalResponseParameters会显示在回复中,但除非您告知,否则您的应用程序不会将它们分配给任何内容。
找到用于为用户分配声明值/名称等的代码(在从OAuth提供商重定向回您的网站时),然后在响应中查找参数。