Question

我正在尝试创建一个新的API Key自定义身份验证提供程序来插入我的OWIN管道。我也使用Cookie，OAuth和ADFS提供商。我实施的代码就是这样：

public static class ApiKeyAuthenticationExtension
{
    public static IAppBuilder UseApiKeyAuthentication(this IAppBuilder appBuilder, ApiKeyAuthenticationOptions options = null)
    {
        appBuilder.Use<ApiKeyAuthenticationMiddleware>(options ?? new ApiKeyAuthenticationOptions("ApiKey"));
        appBuilder.UseStageMarker(PipelineStage.Authenticate);

        return appBuilder;
    }
}

public class ApiKeyAuthenticationMiddleware : AuthenticationMiddleware<AuthenticationOptions>
{
    public ApiKeyAuthenticationMiddleware(OwinMiddleware next, AuthenticationOptions options) : base(next, options)
    {
    }

    protected override AuthenticationHandler<AuthenticationOptions> CreateHandler()
    {
        return new ApiKeyAuthenticationHandler();
    }
}

public class ApiKeyAuthenticationHandler : AuthenticationHandler<AuthenticationOptions>
{
    private const string ApiKey = ".....";

    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
    {
        string apiKey = Context.Request.Headers["ApiKey"];
        if (!string.IsNullOrEmpty(apiKey) && ApiKey.Equals(apiKey))
        {
            var identity = new ClaimsIdentity(Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Id", null, Options.AuthenticationType));
            identity.AddClaim(new Claim(ClaimTypes.Name, "Name"));
            identity.AddClaim(new Claim(ClaimTypes.Email, "bla@blu.com"));

            return new Task<AuthenticationTicket>(() => new AuthenticationTicket(identity, new AuthenticationProperties()));
        }

        return Task.FromResult(null as AuthenticationTicket);
    }
}

public class ApiKeyAuthenticationOptions : AuthenticationOptions
{
    public ApiKeyAuthenticationOptions(string authenticationType) : base(authenticationType)
    {
    }
}

My Startup.Auth看起来像这样：

app.UseCookieAuthentication(...
app.UseActiveDirectoryFederationServicesBearerAuthentication(...
app.UseOAuthAuthorizationServer(...
app.UseOAuthBearerAuthentication(...

并在最后

app.UseApiKeyAuthentication(...

当执行进入AuthenticateCoreAsync并且我返回并且身份验证票证时，浏览器只是挂起并执行似乎无处可去。之后没有任何事情发生。

我在这里缺少什么？

Answer 1

我认为你创造的任务永远不会完成甚至开始。您可能还想在那里使用Task.FromResult，或者只是将其更改为异步方法。

    protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
{
    string apiKey = Context.Request.Headers["ApiKey"];
    if (!string.IsNullOrEmpty(apiKey) && ApiKey.Equals(apiKey))
    {
        var identity = new ClaimsIdentity(Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, "Id", null, Options.AuthenticationType));
        identity.AddClaim(new Claim(ClaimTypes.Name, "Name"));
        identity.AddClaim(new Claim(ClaimTypes.Email, "bla@blu.com"));

        return Task.FromResult(new AuthenticationTicket(identity, new AuthenticationProperties()));
    }

    return Task.FromResult(null as AuthenticationTicket);
}

带有OWIN的ASP.NET Web Api - 自定义身份验证

1 个答案: