I have a standalone Auth server and multiple resource servers that share the server's key. The startup on the resource servers looks like this:

    public partial class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            ConfigureOAuth(app);
            HttpConfiguration config = new HttpConfiguration();
            WebApiConfig.Register(config);
            app.UseWebApi(config);
        }

        public void ConfigureOAuth(IAppBuilder app)
        {
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        }
    }

I created a Windows service that has this Startup class:

    class Startup
    {
        //Type valuesControllerType = typeof(OWINTest.API.ValuesController);
        public void Configuration(IAppBuilder app)
        {
            ConfigureOAuth(app);
            //tried it with the listener and without
            HttpListener listener = (HttpListener)app.Properties["System.Net.HttpListener"];
            listener.AuthenticationSchemes = //AuthenticationSchemes.IntegratedWindowsAuthentication |
                AuthenticationSchemes.Anonymous;
            HttpConfiguration config = new HttpConfiguration();
            //tried it with this and without
            config.SuppressDefaultHostAuthentication();
            //tried it with this and without
            config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));
            config.MapHttpAttributeRoutes();
            app.UseWebApi(config);
        }

        public void ConfigureOAuth(IAppBuilder app)
        {
            app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
            {
                Provider = new HeaderTokenProvider(),
                AccessTokenProvider = new AuthenticationTokenProvider(),
            });
        }
    }

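But the authentication part does not work. When my controller is decorated with [Authorize], I get authorization denied:

    { "Message": "Authorization has been denied for this request." }

Now, I am not sure whether the middleware is picking up the machine key correctly. So I implemented the AccessTokenProvider, as follows: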

    app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()
    {
        Provider = new HeaderTokenProvider(),
        AccessTokenProvider = new AuthenticationTokenProvider(),
    });

    public async Task ReceiveAsync(AuthenticationTokenReceiveContext context)
    {
        var secureDataFormat = new TicketDataFormat(new MachineKeyProtector());
        AuthenticationTicket ticket = secureDataFormat.Unprotect(context.Token.Replace("Bearer ", ""));
        //context.DeserializeTicket(context.Token); //this does not seem to work
        context.SetTicket(ticket);
        //when I print the line below I get true and my username
        Console.WriteLine(ticket.Identity.IsAuthenticated + " identity IS " + ticket.Identity.Name);
        //so the ticket has the correct info and I can manually un-encrypt it and get the correct properties.
    }

So what should I do when the Windows principal is not set in the pipeline? Can I set it manually?
I tried something like this:

    context.OwinContext.Authentication.User = new System.Security.Claims.ClaimsPrincipal();
    context.OwinContext.Authentication.User.AddIdentity(ticket.Identity);
    //
    //var principal = new ClaimsPrincipal(ticket.Identity);
    //context.Request.User = principal;
    //WindowsPrincipal user = principal as WindowsPrincipal;
    //context.OwinContext.Authentication.User = principal;

Thanks for your help.