我试图向受保护的API发出请求,因此我需要向HttpClient添加一个授权请求标头,如下所示:
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", "Your Oauth token");
但是如何从控制器获取身份验证令牌("你的Oauth令牌")?
PS:我已经对Identity Server 4进行了身份验证。 应用程序在AspNetCore中开发。
完整代码:
[Authorize] //Already authenticated
public IActionResult SomeControllerAction()
{
var claimsIdentity = User.Identity as ClaimsIdentity; //where is JWTToken??
var JWTTokne = "how to get?";
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", JWTTokne);
var result = client.PostAsync("someurl", new StringContent(json, Encoding.UTF8, "application/json")).Result;
//more code to handle result....
}
return View();
}
答案 0 :(得分:2)
您可以使用以下方式获取访问令牌:
// Get the access token.
var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");
var client = new HttpClient();
// Set the access token as the bearer token (Authorization header of the request).
client.SetBearerToken(accessToken);
答案 1 :(得分:1)
您可以查看HTTP上下文,因为您可以在控制器中从HttpContext.Request.Headers["Authorization"]的标头获取令牌。这显然只有在客户端将该标头放入请求时才有效。
答案 2 :(得分:0)
核心:
var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");
或者这个:
var token = Request.Headers["Authorization"];
对于我使用的MVC 5控制器中的access_token:
var token = (User as ClaimsPrincipal).FindFirst("access_token").Value
在我使用的受保护的web api 2(非核心)方法中:
var access_token = ControllerContext.Request.Headers.Authorization.Parameter;
答案 3 :(得分:0)
使用AspNet Core 2.0和新的身份验证系统,您只需在HttpContext上使用扩展方法。
HttpContext context;
await context.GetTokenAsync("access_token")
并在MVC控制器中
public class MyController : Controller
{
public IActionResult Get(){
var token = await HttpContext.GetTokenAsync("access_token");
}
}