如何在ASP.NET中获取OAuth授权代码

时间:2018-08-23 12:49:43

标签: asp.net .net oauth asp.net-web-api2 asp.net-identity-2

我正忙于在oauth WEB API上实现ASP.NET授权服务器。

我已设置API以支持授权服务器:

Startup.Auth.cs

public void ConfigureAuth(IAppBuilder app)
    {
        app.CreatePerOwinContext(IdentityDbContext.Create);           
        app.CreatePerOwinContext<UserManager>(UserManager.Create);

        app.UseCookieAuthentication(new CookieAuthenticationOptions());            
        app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

        // Configure the application for OAuth based flow
        PublicClientId = "self";

        OAuthOptions = new OAuthAuthorizationServerOptions
        {  
            AllowInsecureHttp = true,
            ApplicationCanDisplayErrors = true,
            TokenEndpointPath = new PathString("/Token"),
            Provider = new SimpleAuthorizationServerProvider(),
            RefreshTokenProvider = new SimpleRefreshTokenProvider(),
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(24),
            AuthorizationCodeProvider = new SimpleAuthorizationCodeProvider()
        };

        app.UseOAuthBearerTokens(OAuthOptions);
        app.UseOAuthAuthorizationServer(OAuthOptions);
    }

然后我实现了SimpleAuthorizationCodeProvider()

public class SimpleAuthorizationCodeProvider : IAuthenticationTokenProvider
{            

    public async Task CreateAsync(AuthenticationTokenCreateContext context)
    {
        context.Ticket.Properties.Dictionary.TryGetValue("as:client_id", out string clientId);

        //Build holder object
        var holder = new AuthorizationCodeHolder(0, clientId, context.SerializeTicket());

        var protectedTicket = AesSymmetricalEncryption.EncryptData(Key, JsonConvert.SerializeObject(holder));
        //Set the Token for the request
        context.SetToken(protectedTicket);
    }


    public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        //Decrypt token
        var token = AesSymmetricalEncryption.DecyptData(Key, context.Token);
        //Convert back to object
        var ticket = JsonConvert.DeserializeObject<AuthorizationCodeHolder>(token);            
        //
        context.DeserializeTicket(ticket.Ticket);
    }

但是,现在我的问题是,我不知道如何生成此授权码?

我在单独的MVC网站上有一个部分,用户可以在其中登录。完成此操作后,我需要返回一个带有参数code={auth code}的响应。我该如何生成此授权码?

我需要登录到api,然后调用特定端点吗?还是可以只在MVC网站中使用owin身份验证来生成它?

我已经测试过该api,并且可以使用身份验证代码登录,但我只是不知道如何生成有效的api?

0 个答案:

没有答案