Question

在我的基于web api的项目中。我正在使用基于令牌的身份验证。

 public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        var allowedOrigin = context.OwinContext.Get<string>("as:clientAllowedOrigin");

        if (allowedOrigin == null)
        {
            allowedOrigin = "*";
        }

        context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { allowedOrigin });

        /* db based authenication*/
        var user = ValidateUser(context.UserName.Trim(), context.Password.Trim());
        if (user != null)
        {
            /* db based authenication*/
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
            identity.AddClaim(new Claim("sub", context.UserName));

            var props = new AuthenticationProperties(new Dictionary<string, string>
            {
                { 
                    "Status", "Success"
                },
                { 
                    "StatusCode", "200"
                },
                { 
                    "data", context.UserName.Trim()
                },
                { 
                    "message", "User valid"
                }
            });

            var ticket = new AuthenticationTicket(identity, props);
            //add token to header
            context.OwinContext.Response.Headers.Add("Authorization", new []{"Bearer " + ticket});
            context.Validated(ticket);
        }
        else
        {
            context.Rejected();
            //_reponse = _util.Create(0, HttpStatusCode.Forbidden, message: "User Invaid.", data: null);

        }


    }

如果用户凭据有效，则返回如下响应： -

{"access_token":"-cmhkjwPvXieXEvs_TUsIHiMVdMAR4VxcvUK6XucNv3yx9PNVc4S8XtDdjEjc3cI8bU9EWhoXUI4g8I0qhcAh8WlgZKKJIXMZUhuJtUanUsOds_t-k0OoISIzb6zrk0XutfvCBkg7RMxrXBHWRO59PEJijDJd4JVmU-ekNeSalnVlC-k6CD4cOfRESBanDwSJJ9BU1PxIDqGGXHJtfIrlyruGn2ZuzqFstyCyfgdbJDekydj_RNnbO7lNAi0Xzw7bNItkBDNZ0yceWAFFzyKGAvm54Hemz7oEMcV0U0rlmE0LXM8O9D6GB8nT8rI9KOSjFKAoNOXgwB-L9nowmgqahRkc8DDwlsTUseM5tf-POBhcuMwBVatejtUJjfybqlt","token_type":"bearer","expires_in":1799,"Status":"Success","StatusCode":"200","data":"admin@website.com","message":"User valid"}

我试图覆盖此方法，如下所示

public override async Task<ResponseTO> GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
}

但是这给了我构建错误。

我的要求是，如果用户有效，则响应应为JSON字符串，如下所示。

{
  "Status", "Success",
   "message": "User is valid",
   "data" context.userName
}

用户凭据是否无效。

 {
  "Status", "Error",
   "message": "User Invalid",
   "data" context.userName
}

我不想在响应正文中传递令牌但是添加令牌＆安培;其有效性详细信息在后续请求的标题中。

Answer 1

你有没有试过myabe来回归

onDetachedFromRecyclerView

如下所示：

Task.FromResult< ResponseTO >(new ResponseTO{ //your properties filled });

如何以编程方式获取访问令牌？

1 个答案: