OWIN在不记录用户或重新发布令牌的情况下更改声明

时间:2017-03-26 05:50:44

标签: owin

我当前的实现使用端点使用标准功能来使用OWIN令牌实现:

e.g /token endpoint and with the below method

and then using:
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
      authentication code + claim assignment
      context.Validated(ticket);
}

我正在尝试冒充用户。理想情况下,我希望能够在GrantResourceOwnerCredentials中调用/重新运行我的代码,但这似乎只能使用/ token端点运行。或者找到一种方法来重新生成令牌声明,并在我自己的端点中手动将这些声明发送给用户,例如/ tokenimpersonate方法?

我不使用cookies这是一个纯粹的令牌实现。

另一种选择是我可以调整现有用户的声明但我的理解我需要将它们注销并登录,在这种情况下如何将新令牌传递给前端?

2 个答案:

答案 0 :(得分:0)

我认为最好的方法是在基于令牌的身份验证中实现刷新令牌。 为了更好地理解,请查看此页面: http://bitoftech.net/2014/07/16/enable-oauth-refresh-tokens-angularjs-app-using-asp-net-web-api-2-owin/

答案 1 :(得分:0)

这是我最终用来完成这项工作的代码:

                        Authentication.SignOut(authTypeNames.ToArray());






                    var oAuthIdentity = new ClaimsIdentity(OAuthDefaults.AuthenticationType);
                    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Name, dbUser.Username));
                    oAuthIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, dbUser.User_ID.ToString()));
                    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, dbUser.UserRole));
                    oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, dbUser.User_ID.ToString()));



                    //ads only certain docadmin ids to the role.
                    if (dbUser.UserRole == Medapp.BusinessFacade.Constants.ROLE_SECRETARY)
                    {

                        // /doc/home

                        //add guids of all the doctors as roles
                        var roles = db.OfficeAdministrators.Where(p => p.Admin_ID == dbUser.User_ID);
                        foreach (var role in roles)
                        {
                            oAuthIdentity.AddClaim(new Claim(ClaimTypes.Role, role.Doctor_ID.ToString()));
                        }
                    }


                    List<Claim> jroles = oAuthIdentity.Claims.Where(c => c.Type == ClaimTypes.Role).ToList();
                    AuthenticationProperties properties = CreateProperties(dbUser.User_ID.ToString(), dbUser.UserRole, dbUser.Username, Newtonsoft.Json.JsonConvert.SerializeObject(jroles.Select(x => x.Value))); //user.UserName);


                    properties.IsPersistent = true;
                    properties.ExpiresUtc = new System.DateTimeOffset(new DateTime().AddDays(365), new System.TimeSpan());



                    var ticket = new AuthenticationTicket(oAuthIdentity, properties);

                    DateTime currentUtc = DateTime.UtcNow;
                    ticket.Properties.IssuedUtc = currentUtc;
                    ticket.Properties.ExpiresUtc = currentUtc.Add(TimeSpan.FromDays(365));
                    string accessToken = Startup.OAuthOptions.AccessTokenFormat.Protect(ticket);


                    JObject token = new JObject(
                        new JProperty("username", dbUser.Username),
                        new JProperty("token", accessToken),
                        new JProperty("uid", dbUser.User_ID.ToString()),
                        new JProperty("type", dbUser.UserRole),
                        new JProperty("roles", Newtonsoft.Json.JsonConvert.SerializeObject(jroles.Select(x => x.Value))),
                        new JProperty("access_token", accessToken),
                        new JProperty("token_type", "bearer"),
                        new JProperty("expires_in", TimeSpan.FromDays(365).TotalSeconds.ToString()),
                        new JProperty("issued", currentUtc.ToString("ddd, dd MMM yyyy HH':'mm':'ss 'GMT'")),
                        new JProperty("expires", currentUtc.Add(TimeSpan.FromDays(365)).ToString("ddd, dd MMM yyyy HH:mm:ss 'GMT'"))
                    );

                    return Ok(token);