我有Asp.Net MVC项目有用户(我使用Asp.Net Identity 2),我有另一个Asp.Net WebApi服务。
我想保证对WebApi进行身份验证,只允许Asp.Net MVC用户访问终点,我不想为此目的使用IdentityServer3。
Asp.Net MVC Startup.Auth.cs:
public void ConfigureAuth(IAppBuilder app)
{
// Configure the db context, user manager and signin manager to use a single instance per request
app.CreatePerOwinContext(ApplicationDbContext.Create);
app.CreatePerOwinContext<ApplicationUserManager>(ApplicationUserManager.Create);
app.CreatePerOwinContext<ApplicationSignInManager>(ApplicationSignInManager.Create);
// Enable the application to use a cookie to store information for the signed in user
// and to use a cookie to temporarily store information about a user logging in with a third party login provider
// Configure the sign in cookie
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
LoginPath = new PathString("/Account/Login"),
Provider = new CookieAuthenticationProvider
{
// Enables the application to validate the security stamp when the user logs in.
// This is a security feature which is used when you change a password or add an external login to your account.
OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
validateInterval: TimeSpan.FromMinutes(30),
regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
}
});
}
我认为我应该使用bearar令牌和JWT令牌,我可以在WebApi方面使用Thinketure身份模型,但我搜索找到一种清晰的方式来描述如何做但我没有找到?
例如,我认为有许多选项,如SAML,JWT或OAuth 2授权代码流,但实施步骤是什么?