有没有办法在web api项目中读取/解密持票人令牌?
我的web api也托管SignalR集线器,这些集线器通过websocket从浏览器调用。 与我正常的api调用不同,我无法在此处添加授权标头。虽然我可以在查询字符串中发送令牌并在SignalR集线器中读取它。
默认情况下,令牌由owin解析为声明标识。我需要的是手动执行此操作。我该怎么做?
OAuthAuthorizationServerOptions serverOptions = new OAuthAuthorizationServerOptions()
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString("/token"),
AccessTokenExpireTimeSpan = TimeSpan.FromDays(Config.TokenLifetime),
Provider = new AuthProvider()
};
// Token Generation
app.UseStageMarker(PipelineStage.Authenticate); // wait for authenticate stage, so we get the windows principle for use with ntlm authentication
app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
app.UseOAuthAuthorizationServer(serverOptions);
答案 0 :(得分:3)
我假设在Startup.cs中你有类似的代码:
var oAuthOpt = new OAuthBearerAuthenticationOptions
{
Provider = new OAuthTokenProvider(
req => req.Query.Get("bearer_token"),
req => req.Query.Get("access_token"),
req => req.Query.Get("refresh_token"),
req => req.Query.Get("token"),
req => req.Headers.Get("X-Token"))
};
app.UseOAuthBearerAuthentication(OAuthOpt);
app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
{
AllowInsecureHttp = true,
TokenEndpointPath = new PathString(settings.TokenEndpointBasePath),
AccessTokenExpireTimeSpan = Util.AccessTokenExpireTimeSpan,
Provider = new AuthorizationServerProvider(new AuthenticationService()),
});
您需要做的是将oAuthOpt替换为Startup.cs中的公共静态字段,而不是在需要取消保护您的持票人令牌时使用它。
对于SignalR,我创建了一个授权属性,其中我取oAuthOpt并使用它解码令牌。
我就是这样做的:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = false, AllowMultiple = false)]
public sealed class AuthorizeHubAttribute : AuthorizeAttribute
{
public override bool AuthorizeHubConnection (HubDescriptor hubDescriptor, IRequest request)
{
var token = request.QueryString["Authorization"];
var ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);
if ( ticket != null && ticket.Identity != null && ticket.Identity.IsAuthenticated )
{
request.Environment["server.User"] = new ClaimsPrincipal(ticket.Identity);
return true;
}
else
return false;
}
public override bool AuthorizeHubMethodInvocation (IHubIncomingInvokerContext hubIncomingInvokerContext, bool appliesToMethod)
{
var connectionId = hubIncomingInvokerContext.Hub.Context.ConnectionId;
var environment = hubIncomingInvokerContext.Hub.Context.Request.Environment;
var principal = environment["server.User"] as ClaimsPrincipal;
if ( principal != null && principal.Identity != null && principal.Identity.IsAuthenticated )
{
hubIncomingInvokerContext.Hub.Context = new HubCallerContext(new Microsoft.AspNet.SignalR.Owin.ServerRequest(environment), connectionId);
return true;
}
else
return false;
}
}
var ticket = Startup.OAuthOpt.AccessTokenFormat.Unprotect(token);
该行是与Startup.cs