Azure WebAPI authorization steps

Time: 2017-08-29 22:11:29

Tags: azure authentication authorization owin

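I want to implement authorization in my Web API, to achieve the same as what I have done below:

  1. Created and deployed the Web API on the Azure portal.
  2. Registered my application in Azure AD
  3. Through the manifest
  4. Defined application-level roles
  5. Created a client and a client secret
  6. I placed the Authorize attribute on top of the API method in the controller: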

        [Authorize(Roles = "ApplicationOwner")]
        public String Index()
        {
            return "Testing based on role";
        }
    

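But this code does not work.

I want to do the same authorization using OWIN... I tried calling the Web API method from a client without sending a bearer token, but my method gets called every time.

Please help me correct these steps.

Below is the startup code: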

    // CORS is opened to every origin
    app.UseCors(Microsoft.Owin.Cors.CorsOptions.AllowAll);

    var OAuthOptions = new OAuthAuthorizationServerOptions
    {
        // The token endpoint is reachable over plain HTTP
        AllowInsecureHttp = true,
        TokenEndpointPath = new PathString("/oauth/Token"),
        AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
        Provider = new Providers.MyAuthorizationServerProvider(),
    };

    // Issue tokens at /oauth/Token and validate bearer tokens on incoming requests
    app.UseOAuthAuthorizationServer(OAuthOptions);
    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());

    var config = new HttpConfiguration();

    // Web API authenticates only through the bearer token middleware
    config.SuppressDefaultHostAuthentication();
    config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

    config.MapHttpAttributeRoutes();

    app.UseWebApi(config);
    

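Every time I send the appropriate role in the bearer token, I get a 401 error. My requirement is to create a secure Web API that can be accessed if the consumer sends a bearer token in the request header.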

    using System.Collections.Generic;
    using System.Security.Claims;
    using System.Threading.Tasks;
    using Microsoft.Owin.Security;
    using Microsoft.Owin.Security.OAuth;

    public class ApplicationOAuthProvider : OAuthAuthorizationServerProvider
    {
        private readonly string _publicClientId;

        public ApplicationOAuthProvider()
        {
        }

        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            // Claims placed in the issued ticket, including the role claims
            var identity = new ClaimsIdentity(context.Options.AuthenticationType);
            identity.AddClaim(new Claim(ClaimTypes.Role, "Application_Approver"));

            identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
            identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));

            // CreateProperties takes (userName, Roles); the user name is passed so the call compiles
            AuthenticationProperties properties = CreateProperties(context.UserName, "Application_Approver");
            AuthenticationTicket ticket = new AuthenticationTicket(identity, properties);
            context.Validated(ticket);
        }

        public override async Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
        {
            // Accepts every client without checking client credentials
            context.Validated();
        }

        public override Task TokenEndpoint(OAuthTokenEndpointContext context)
        {
            // Copy the ticket properties into the token response body
            foreach (KeyValuePair<string, string> property in context.Properties.Dictionary)
            {
                context.AdditionalResponseParameters.Add(property.Key, property.Value);
            }

            return Task.FromResult<object>(null);
        }

        public static AuthenticationProperties CreateProperties(string userName, string Roles)
        {
            IDictionary<string, string> data = new Dictionary<string, string>
            {
                {"roles", Roles}
            };
            return new AuthenticationProperties(data);
        }
    }


0 answers:

No answers
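
Added example, not part of the original post: a stand-alone console program that applies the decision a role-restricted `[Authorize]` makes (authenticated identity first, then `IsInRole` for any listed role) to the role values that appear in the question. `RoleCheckDemo`, `WouldAuthorize`, `WithRoles`, the `"Bearer"` authentication type and the `sample-user` name are assumptions made for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

static class RoleCheckDemo
{
    // Hypothetical helper with the same decision order as a role-restricted
    // [Authorize]: authenticated identity first, then any one listed role.
    static bool WouldAuthorize(IPrincipal user, string roles)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return false; // request arrived without a valid bearer token

        var required = roles.Split(',')
                            .Select(r => r.Trim())
                            .Where(r => r.Length > 0)
                            .ToArray();
        return required.Length == 0 || required.Any(user.IsInRole);
    }

    // Constructed principal carrying role claims of type ClaimTypes.Role,
    // the claim type the provider in the question adds to the ticket.
    static ClaimsPrincipal WithRoles(params string[] roleValues)
    {
        var identity = new ClaimsIdentity("Bearer"); // non-empty type => authenticated
        identity.AddClaim(new Claim(ClaimTypes.Name, "sample-user")); // constructed name
        foreach (var role in roleValues)
            identity.AddClaim(new Claim(ClaimTypes.Role, role));
        return new ClaimsPrincipal(identity);
    }

    static void Main()
    {
        const string required = "ApplicationOwner"; // value from the [Authorize] attribute

        var cases = new (string Label, ClaimsPrincipal User)[]
        {
            ("no token", new ClaimsPrincipal(new ClaimsIdentity())),
            ("roles issued by provider", WithRoles("Application_Approver", "Admin")),
            ("matching role", WithRoles("ApplicationOwner")),
            ("different casing", WithRoles("applicationowner")),
        };

        foreach (var c in cases)
            Console.WriteLine($"{c.Label,-26} authorized = {WouldAuthorize(c.User, required)}");
    }
}
```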