How to store additional per-user data for a session on OWIN using a Bearer Token

Time: 2017-01-17 14:55:48

Tags: asp.net-web-api owin

After my client logs in, I need to store on my controller a token that is used for calls to third-party software, so I tried to save it in the user's claims:

using System.Linq;
using System.Security.Claims;
using System.Web.Http;

public class BaseController : ApiController
{
    // The claim type constant and the property cannot share the name "Token"
    private const string TokenClaimType = "thirdyparty.token";

    private string Token
    {
        set
        {
            // Here I want to store a token in any way (Session, Cache, etc)
            var claimsIdentity = (ClaimsIdentity)User.Identity;
            var claims = claimsIdentity.Claims;
            var tokenClaim = claims.FirstOrDefault(x => x.Type == TokenClaimType);

            // Remove the existing claim (if any) before adding the new value
            if (tokenClaim != null)
            {
                claimsIdentity.RemoveClaim(tokenClaim);
            }
            claimsIdentity.AddClaim(new Claim(TokenClaimType, value));
        }
        get
        {
            // Here I want to get the token
            var claimsIdentity = (ClaimsIdentity)User.Identity;
            var claims = claimsIdentity.Claims;
            var tokenClaim = claims.FirstOrDefault(x => x.Type == TokenClaimType);

            return tokenClaim?.Value;
        }
    }
}

This doesn't work; every time a new request is issued, my new claim disappears. So how can I store some extra information per user?

1 answer:

Answer 0: (score: 1)

The problem is that the claims are part of the bearer token.

So even if you add a claim to the current identity, the next request will still have the old claim values, because they are part of the token that is sent with the new request.

So if you add a claim, you also need to generate a new token and return it to the client.

One way to generate a new token is to store the OAuthAuthorizationServerOptions used in the Startup.cs class as a static variable, and then use it where needed:

using System;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    // Kept static so the token format can be reused outside Startup
    public static OAuthAuthorizationServerOptions OAuthServerOptions { get; private set; }

    public void Configuration(IAppBuilder app)
    {
        ConfigureOAuth(app);
        //....add the rest
    }

    public void ConfigureOAuth(IAppBuilder app)
    {
        OAuthServerOptions = new OAuthAuthorizationServerOptions()
        {
            AllowInsecureHttp = true,
            TokenEndpointPath = new PathString("/token"),
            AccessTokenExpireTimeSpan = TimeSpan.FromDays(1),
            Provider = new AuthProvider() //Your derived OAuthAuthorizationServerProvider
        };

        // Token Generation
        app.UseOAuthAuthorizationServer(OAuthServerOptions);
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}

Then generate the new token.
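As an added example (not code from the question or the answer), this is how the re-issue step described above can be written in a Web API action: the claim is put on a copy of the incoming identity and a fresh bearer token is produced from `Startup.OAuthServerOptions.AccessTokenFormat`, which the OWIN middleware fills in at startup. The controller name, route and request body are assumptions; the claim type is the one from the question.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Web.Http;
using Microsoft.Owin.Security;

public class ThirdPartyTokenController : ApiController
{
    private const string TokenClaimType = "thirdyparty.token";

    // Hypothetical action: the body carries the third-party token to remember for this user
    [Authorize]
    [HttpPost]
    public IHttpActionResult Store([FromBody] string thirdPartyToken)
    {
        if (string.IsNullOrEmpty(thirdPartyToken))
        {
            return BadRequest("token is required");
        }

        // Work on a copy of the identity that arrived in the bearer token
        var identity = ((ClaimsIdentity)User.Identity).Clone();
        foreach (var old in identity.FindAll(TokenClaimType).ToList())
        {
            identity.RemoveClaim(old);
        }
        identity.AddClaim(new Claim(TokenClaimType, thirdPartyToken));

        // The claim only survives later requests because it is baked into the
        // token the client sends back, so a new token must be issued now.
        var options = Startup.OAuthServerOptions;
        var properties = new AuthenticationProperties
        {
            IssuedUtc = DateTimeOffset.UtcNow,
            ExpiresUtc = DateTimeOffset.UtcNow.Add(options.AccessTokenExpireTimeSpan)
        };
        var ticket = new AuthenticationTicket(identity, properties);
        var accessToken = options.AccessTokenFormat.Protect(ticket);

        return Ok(new
        {
            access_token = accessToken,
            token_type = "bearer",
            expires_in = (int)options.AccessTokenExpireTimeSpan.TotalSeconds
        });
    }
}
```

The client must replace the bearer token it holds with the one returned here, since the old token still carries the old claim set until it expires.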