[英]How to use external authentication services on a ASP.NET MVC Web Api
I'm developing an ASP.NET MVC Web Api with Visual Studio 2013, C# and .NET Framework 4.5.1. 我正在使用Visual Studio 2013,C#和.NET Framework 4.5.1开发ASP.NET MVC Web Api。
I was reading this article and it is very interesting. 我在读这篇文章 ,这很有趣。 It only talks about ASP.NET MVC applications and it doesn't say anything about how to implemented it with Web Api.
它仅讨论ASP.NET MVC应用程序,没有提及如何使用Web Api实现它。
I think I can use it with Web Api but I don't know how because, as I read on the article, I will need a login page and a web api doesn't have one. 我想我可以将其与Web Api一起使用,但是我不知道如何使用,因为正如我在文章中所读到的那样,我将需要一个登录页面,而Web api没有一个。
If I will consume that web api from mobile phones (iOS, Android, Windows Phone, etc.); 如果我将通过手机(iOS,Android,Windows Phone等)使用该Web API; what do I have to do?
我需要做什么?
Maybe I will need a login form on the mobile app, or maybe I will need a login page on my web api to allow login on Google, Facebook, etc. 也许我需要在移动应用程序上登录表单,或者我需要在Web API上登录页面以允许在Google,Facebook等上登录。
Any advice? 有什么建议吗?
@VansFannel, this is an old question and I'm guessing you have moved on, but I'm leaving this here for future seekers. @VansFannel,这是一个古老的问题,我想您已经继续前进,但是我将其留在这里供将来的求职者使用。
You are correct, it does not offer a login page, but it does offer what the login page itself would use. 您是正确的,它没有提供登录页面,但是提供了登录页面本身将使用的内容。
Before I begin, go download a Chrome plugin called PostMan . 开始之前,请下载一个名为PostMan的Chrome插件。 I'll show a few screenshots as I go along using it.
在使用过程中,我将显示一些屏幕截图。 I've setup a basic WebAPI with the sample Values controller still in it, but protected with [Authorize].
我已经设置了一个基本的WebAPI,其中仍带有示例Values控制器,但是受[Authorize]保护。 I'm running my sample WebAPI at http://localhost:54211 for this example.
对于本示例,我正在http:// localhost:54211上运行示例WebAPI。
Here is a high level process: 这是一个高级过程:
I'm guessing your don't have any users in this new DB yet, but if you do just skip this. 我猜您在这个新数据库中还没有任何用户,但是如果您这样做,请跳过此步骤。 Otherwise, this is how you create them without a UI.
否则,这就是在没有UI的情况下创建它们的方式。
If the body is empty and the header status was 200, then it was successful: 如果正文为空并且标头状态为200,则说明成功:
If it failed, you'll get back a header status error of 400 and some kind of error in the body like: 如果失败,您将返回标头状态错误400和正文中的某种错误,例如:
Ok, we have a user in the database, lets authenticate with the WebAPI. 好的,我们在数据库中有一个用户,让我们通过WebAPI进行身份验证。
In the results from the server, if successful (status 200), you will get back what is called a "Bearer Token" - its located in the "access_token" field like this: 在服务器的结果中,如果成功(状态200),您将获得所谓的“承载者令牌”-位于“ access_token”字段中,如下所示:
For your test, copy that token value to the clipboard (in your app you could store this away in a variable). 为了进行测试,请将令牌值复制到剪贴板(在您的应用中,您可以将其存储在变量中)。
If you try to call an [Authorize] protected method without being authenticated, you will see something like this returned: 如果您尝试在未通过身份验证的情况下调用[Authorize]受保护的方法,则会看到类似以下内容:
But you already authenticated, right? 但是您已经通过身份验证了,对吗? So why doesn't it know you anymore?
那它为什么不认识你呢? Because it's REST based and it's stateless - it doesn't know you anymore after the call is complete.
因为它是基于REST的并且是无状态的-通话完成后不再认识您。 So, you have to "remind" it of who you are each time a call is made .
因此, 每次拨打电话时 ,您都必须“提醒”您的身份。 You do this by passing the token you received earlier with every request.
为此,您可以传递每个请求之前收到的令牌。
If you get back a success (200) you can check it's body data and it will have your response: 如果您获得成功(200分),则可以检查它的身体数据,它将得到您的回应:
And that is how it's done! 就是这样完成的! I hope that helps you or others down the road.
希望对您或其他人有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.