logo标签列表

ASP.NET 5 OAuth bearer token认证

asp.netoauthowinasp.net-core
10

我正在尝试在ASP.NET 5中实现OAuth Bearer令牌身份验证,但由于OWIN在ASP.NET 5中发生了变化,因此很难找到如何执行此操作的示例。

例如IApplicationBuilder.UseOAuthAuthorizationServer()IApplicationBuilder. UseOAuthBearerAuthentication()已经不存在或者我缺少引用?

非常感谢您提供任何指导。

3个回答
5

我做了这个工作,但是使用了Thinktecture身份服务器v3作为我的令牌提供者,但我认为如果你有另一个令牌提供者,它将是相同的流程....

(更新:我添加了一个带有代码的github存储库:在这里)

这是我的启动类:(Identityserver v3也可以在Vnext上运行,只需要进行一些小的调整)。请注意,我将服务器和Web API放在同一个Web应用程序中。如果您有两个不同的Web项目也可以,但这里是为了演示的缘故...

public class Startup
{
    // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.Map("/core", core =>
        {
            var factory = InMemoryFactory.Create(
                                    users: Users.Get(),
                                    clients: Clients.Get(),
                                    scopes: Scopes.Get());

            var idsrvOptions = new IdentityServerOptions
            {
                IssuerUri = "https://idsrv3.com",
                SiteName = "test vnext Identity server",
                Factory = factory,
                SigningCertificate = Certificate.Get(),
                RequireSsl = false,

                CorsPolicy = CorsPolicy.AllowAll,

                AuthenticationOptions = new AuthenticationOptions
                {
                }
            };

            core.UseIdentityServer(idsrvOptions);
        });

        app.Map("/api", api =>
        {

            api.UseOAuthBearerAuthentication(options => {
                options.Authority = Constants.AuthorizationUrl;
                options.MetadataAddress = Constants.AuthorizationUrl + "/.well-known/openid-configuration";
                options.TokenValidationParameters.ValidAudience = "https://idsrv3.com/resources"; 
            });

            api.UseMvc();

        });

    }
}

从这里可以看出我的IdentityServerV3被映射到了'/core',而在同一个Web应用项目中(也可以是另一个项目),我有一个使用MVC的Web API。以下是该控制器:

  [Authorize]
[Route("[controller]")]
public class Test : Controller
{
    [HttpGet]
    public JsonResult Get()
    {
        return Json(new
        {
            message = "You See this then it's ok auth is  :" + User.Identity.IsAuthenticated,
        });
    }
}

我在身份服务器上配置了一个客户端:

  new Client
            {
                 //Resource Owner Flow Client (our web UI)
                ClientName = "WebUI",
                Enabled = true,

                ClientId = "IdentityWebUI",
                ClientSecrets = new List<ClientSecret>
                {
                    new ClientSecret("secret".Sha256())
                },

                Flow = Flows.ResourceOwner,
                AccessTokenType = AccessTokenType.Jwt,
                AccessTokenLifetime = 3600

            }

以下是用户(使用InMemory用户):

 return new List<InMemoryUser>
        {
            new InMemoryUser
            {
                Username = "testUser",
                Password = "testPwd",
                Subject = "I am the Subject"
            }

        };

在 Fiddler 中,我发出以下 POST 请求以获取令牌:
    POST : http://localhost:4357/core/connect/token

    User-Agent: Fiddler
    Host: localhost:4357
    Content-Length: 67
    Content-Type: application/x-www-form-urlencoded
    Authorization: Basic SWRlbnRpdHlXZWJVSTpzZWNyZXQ=

    grant_type=password&username=testUser&password=testPwd&scope=openid

在响应中,您将获得一个Access_token

{"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJJZGVudGl0eVdlYlVJIiwic2NvcGUiOiJvcGVuaWQiLCJzdWIiOiJJIGFtIHRoZSBTdWJqZWN0IiwiYW1yIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE0MjgzOTQ3MzAsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9pZHNydjMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHNydjMuY29tL3Jlc291cmNlcyIsImV4cCI6MTQyODM5ODMzMCwibmJmIjoxNDI4Mzk0NzMwfQ.cbB4YrRXaaRDNw8BjeI4Q1DvXN28xmJScMJBGWCM_zSLcH1i63cQVTmR8X86rGP5VrR0Ly4-EmWZ8911Vh4jc4Ua0Kgz2n7RbmQ6VqQX5Z_lM3F8EIgD81kpUn0v3hhSFW06aJ2Lo1XOZG_re84xGgqre-H4dC0XZR6IQMEAQ9Q5dOXBh8V1NxyLSh0PzyrRRmOnEndoaY4uaIFtbp9j7KnXxQ3ZdGmaYAO96xuhHfO1DbgRdw6fYyf4nnC795yhnwDh1QZGxPsFaysJSA_3-cjmw-29m-Ga0hD1ALfVE7R57iNLxkB6dyEuz1UFJhJyibRDW9sNspo2gQFZZGxMKQ","expires_in":3600,"token_type":"Bearer"}

然后我使用该access_token调用我的Web API。
这是Fiddler(在composer面板中)。
    GET http://localhost:4357/api/Test

    User-Agent: Fiddler
    Host: localhost:4357
    Content-Length: 0
    Content-Type: application/x-www-form-urlencoded
    Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJjbGllbnRfaWQiOiJJZGVudGl0eVdlYlVJIiwic2NvcGUiOiJvcGVuaWQiLCJzdWIiOiJJIGFtIHRoZSBTdWJqZWN0IiwiYW1yIjoicGFzc3dvcmQiLCJhdXRoX3RpbWUiOjE0MjgzOTQ3MzAsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9pZHNydjMuY29tIiwiYXVkIjoiaHR0cHM6Ly9pZHNydjMuY29tL3Jlc291cmNlcyIsImV4cCI6MTQyODM5ODMzMCwibmJmIjoxNDI4Mzk0NzMwfQ.cbB4YrRXaaRDNw8BjeI4Q1DvXN28xmJScMJBGWCM_zSLcH1i63cQVTmR8X86rGP5VrR0Ly4-EmWZ8911Vh4jc4Ua0Kgz2n7RbmQ6VqQX5Z_lM3F8EIgD81kpUn0v3hhSFW06aJ2Lo1XOZG_re84xGgqre-H4dC0XZR6IQMEAQ9Q5dOXBh8V1NxyLSh0PzyrRRmOnEndoaY4uaIFtbp9j7KnXxQ3ZdGmaYAO96xuhHfO1DbgRdw6fYyf4nnC795yhnwDh1QZGxPsFaysJSA_3-cjmw-29m-Ga0hD1ALfVE7R57iNLxkB6dyEuz1UFJhJyibRDW9sNspo2gQFZZGxMKQ

然后我在Fidler中获取响应: 你可以通过以下链接获得更多信息:link,但这与vnext无关。 我将发布一篇文章,因为我需要一个AngularJS应用程序来进行身份验证,并使用隐式流而不是资源所有者流...使用visual studio 2015预览版。
3
我对阅读您关于AngularJS、Oauth隐式流和VS 2015的帖子很感兴趣。这篇文章已经发布在哪里了吗? - Jeremy
"Identityserver v3也可以在Vnext上运行,只需要进行一些小的调整。请问您能否提供更多信息?因为我似乎无法解决依赖关系问题。" - MRainzo
1
@MRainzo 请查看此处实现Identity Server 3的ASP.NET 5示例项目:https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/AspNet5Host - Corstian Boerman
在您的POST请求中,Authorization: Basic SWRlbnRpdHlXZWJVSTpzZWNyZXQ=是什么?它来自哪里? - Alex
这是基本身份验证,用户密码已编码:用户名:密码以base64编码。您可以使用Fiddler完成此操作。请查看其文档。 - Cedric Dumont
4

我不确定 UseOAuthAuthorizationServer 在哪里,但是对于 UseOAuthBearerAuthentication,请尝试添加 Microsoft.AspNet.Security.OAuthBearer NuGet 包,然后在你的启动 Configure 方法中添加以下内容:

app.UseOAuthBearerAuthentication(options =>
            {
                options.Audience = {your audience};
                options.Authority = {your authority}}); //or whatever options you need
FYI,Katana中的OAuth2授权服务器不会被移植到ASP.NET 5:https://dev59.com/pF4b5IYBdhLWcg3wfhuR#29144031 - Kévin Chalet
2

这里最麻烦的是令牌生成。我已经尝试使用默认的Microsoft.AspNet.Security.OAuthBearer包来构建一个,但并不容易。

// Injected from the constructor; this is why we configured the options above rather 
// than simply passing them to the UseOAuthBearerAuthentication()
private readonly OAuthBearerAuthenticationOptions bearerOptions;

// In your /Token action...
var handler = bearerOptions.SecurityTokenValidators.OfType<System.IdentityModel.Tokens.JwtSecurityTokenHandler>()
    .First();
// The identity here is the ClaimsIdentity you want to authenticate the user as.
// You can get this using the SignInManager if you're using Identity.
var securityToken = handler.CreateToken(
    issuer: bearerOptions.TokenValidationParameters.ValidIssuer, 
    audience: bearerOptions.TokenValidationParameters.ValidAudience, 
    subject: identity);
var token = handler.WriteToken(securityToken);
// The var token is your bearer token

我的完整解决方案详见:ASP.Net 5(vNext)中基于令牌的身份验证

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接